Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update

To: Touko Korpela <tkorpela@phnet.fi>
Cc: 410580@bugs.debian.org, debian-release@lists.debian.org, debian-security@lists.debian.org
Subject: Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update
From: Luk Claes <luk@debian.org>
Date: Sun, 30 Dec 2007 00:19:23 +0100
Message-id: <[🔎] 4776D5FB.5010401@debian.org>
In-reply-to: <[🔎] 20071229104040.GA5960@tiikeri.vuoristo.local>
References: <20070519214822.GA17368@ries.debian.org> <20070520142919.GA29068@tiikeri.vuoristo.local> <20070520183316.GI14281@ftbfs.de> <[🔎] 20071229104040.GA5960@tiikeri.vuoristo.local>

Touko Korpela wrote:
> On Sun, May 20, 2007 at 08:33:16PM +0200, Martin Zobel-Helas wrote:
>> On Sun May 20, 2007 at 17:29:19 +0300, Touko Korpela wrote:
>>> Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer
>>> overflow) bug in etch and sarge. It has debian bug #410580
>>> Maintainer didn't ask for it but should 1:3.7.3-1 be included in 4.0r1?
>> yes, please upload.
> 
> Unrar-nonfree is still vulnerable after last etch update. Maybe somebody
> should upload fixed version finally?

An upload (based on the stable/oldstable version instead of a backport)
is being prepared, the only remaining issue is how we will build it on
all affected architectures.

Cheers

Luk

Reply to:

References:
- Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update
  - From: Touko Korpela <tkorpela@phnet.fi>

Prev by Date: Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update
Next by Date: ping22: can not kill this process
Previous by thread: Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update
Next by thread: ping22: can not kill this process
Index(es):
- Date
- Thread