Touko Korpela wrote: > On Sun, May 20, 2007 at 08:33:16PM +0200, Martin Zobel-Helas wrote: >> On Sun May 20, 2007 at 17:29:19 +0300, Touko Korpela wrote: >>> Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer >>> overflow) bug in etch and sarge. It has debian bug #410580 >>> Maintainer didn't ask for it but should 1:3.7.3-1 be included in 4.0r1? >> yes, please upload. > > Unrar-nonfree is still vulnerable after last etch update. Maybe somebody > should upload fixed version finally?
An upload (based on the stable/oldstable version instead of a backport) is being prepared, the only remaining issue is how we will build it on all affected architectures. Cheers Luk -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
