Hi, On Sat, Aug 19, 2023 at 10:04:40PM +0900, YOKOTA Hiroshi wrote: > Package: unrar > Version: 1:6.0.3-1+deb11u1 > Severity: normal > X-Debbugs-Cc: [email protected], [email protected], [email protected] > > > CVE-2022-48579 was fixed at unrar-nonfree/1:5.6.6-1+deb10u2 in Debian 10 > by Debian LTS team ( DLA-3535-1 ). > The fix patch for Debian 10 can be apply for Debian 11. > > Fix patch for CVE-2022-48579 > Debian 10: https://github.com/debian-calibre/unrar- > nonfree/commit/28eb57cb85aa656b7cda0e2f6a282c09f7351272 > Debian 11: https://github.com/debian-calibre/unrar- > nonfree/commit/5daa9b93c099bd0219528d26778835ca1f6896da > > > FYI: CVE-2022-48579 was already fixed in 1:6.2.3-1 in Debian sid.
FWIW, does not warrant a DSA, but can be fixed via upcoming point release. Regards, Salvatore
