Your message dated Sat, 09 Sep 2023 16:17:41 +0000
with message-id <[email protected]>
and subject line Bug#1050080: fixed in unrar-nonfree 1:6.0.3-1+deb11u2
has caused the Debian Bug report #1050080,
regarding unrar: Fix CVE-2022-48579 for Debian 11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1050080: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050080
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unrar
Version: 1:6.0.3-1+deb11u1
Severity: normal
X-Debbugs-Cc: [email protected], [email protected], [email protected]


CVE-2022-48579 was fixed in unrar-nonfree/1:5.6.6-1+deb10u2 in Debian 10
by the Debian LTS team (DLA-3535-1).
The fix patch for Debian 10 can be applied to Debian 11.

Fix patch for CVE-2022-48579
Debian 10: https://github.com/debian-calibre/unrar-nonfree/commit/28eb57cb85aa656b7cda0e2f6a282c09f7351272
Debian 11: https://github.com/debian-calibre/unrar-nonfree/commit/5daa9b93c099bd0219528d26778835ca1f6896da


FYI: CVE-2022-48579 was already fixed in 1:6.2.3-1 in Debian sid.

--
YOKOTA Hiroshi

--- End Message ---
--- Begin Message ---
Source: unrar-nonfree
Source-Version: 1:6.0.3-1+deb11u2
Done: Markus Koschany <[email protected]>

We believe that the bug you reported is fixed in the latest version of
unrar-nonfree, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <[email protected]> (supplier of updated unrar-nonfree package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 20 Aug 2023 09:58:26 +0200
Source: unrar-nonfree
Architecture: source
Version: 1:6.0.3-1+deb11u2
Distribution: bullseye
Urgency: high
Maintainer: UnRar maintainer team <[email protected]>
Changed-By: Markus Koschany <[email protected]>
Closes: 1050080
Changes:
 unrar-nonfree (1:6.0.3-1+deb11u2) bullseye; urgency=high
 .
   * Non maintainer upload.
   * Fix CVE-2022-48579:
     It was discovered that UnRAR, an unarchiver for rar files, allows
     extraction of files outside of the destination folder via symlink chains.
     (Closes: #1050080)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
