Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update
Touko Korpela wrote:
> On Sun, May 20, 2007 at 08:33:16PM +0200, Martin Zobel-Helas wrote:
>> On Sun May 20, 2007 at 17:29:19 +0300, Touko Korpela wrote:
>>> Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer
>>> overflow) bug in etch and sarge. It has debian bug #410580
>>> Maintainer didn't ask for it but should 1:3.7.3-1 be included in 4.0r1?
>> yes, please upload.
> Unrar-nonfree is still vulnerable after last etch update. Maybe somebody
> should upload fixed version finally?
An upload (based on the stable/oldstable version instead of a backport)
is being prepared, the only remaining issue is how we will build it on
all affected architectures.