On Tue, Sep 05, 2023 at 04:04:27AM +0900, YOKOTA Hiroshi wrote: > Package: release.debian.org > Severity: normal > Tags: bookworm > User: release.debian....@packages.debian.org > Usertags: pu > X-Debbugs-Cc: 7...@packages.debian.org, yokota.h...@gmail.com, > b...@debian.org, t...@security.debian.org > Control: affects -1 + src:7zip > > [ Reason ] > 1. Fix security issue > CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ > CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ > > 2. Use 7zip-rar package for RAR archives. > 7zip-rar requires 7zip >= 22.01-9
What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there some kind of public upstream VCS or can you ask upstream about it? Cheers, Moritz