Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

Moritz Muehlenhoff Mon, 04 Sep 2023 13:03:21 -0700

On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm
> User: release.debian....@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: 7...@packages.debian.org, yokota.h...@gmail.com, 
> b...@debian.org, t...@security.debian.org
> Control: affects -1 + src:7zip
> 
> [ Reason ]
> 1. Fix security issue
>  CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
>  CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
>
> 2. Use 7zip-rar package for RAR archives.
>    7zip-rar requires 7zip >= 22.01-9


What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there some
kind of public upstream VCS or can you ask upstream about it?

Cheers,
        Moritz

Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1

Reply via email to