Source: p7zip-rar
Version: 16.02-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for p7zip-rar.

CVE-2018-10115[0]:
| Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03
| and before can lead to usage of uninitialized memory, allowing remote
| attackers to cause a denial of service (segmentation fault) or execute
| arbitrary code via a crafted RAR archive.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10115
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10115
[1] https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
[2] https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore