Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update

2007-12-29 Thread Luk Claes
Touko Korpela wrote:
> On Sun, May 20, 2007 at 08:33:16PM +0200, Martin Zobel-Helas wrote:
>> On Sun May 20, 2007 at 17:29:19 +0300, Touko Korpela wrote:
>>> Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer
>>> overflow) bug in etch and sarge. It has Debian bug #410580.
>>> Maintainer didn't ask for it, but should 1:3.7.3-1 be included in 4.0r1?
>> yes, please upload.
> 
> Unrar-nonfree is still vulnerable after the last etch update. Maybe somebody
> should finally upload a fixed version?

An upload (based on the stable/oldstable version instead of a backport)
is being prepared; the only remaining issue is how we will build it on
all affected architectures.

Cheers

Luk





Re: (CVE-2007-0855) Preparation of the next stable Debian GNU/Linux update

2007-12-29 Thread Touko Korpela
On Sun, May 20, 2007 at 08:33:16PM +0200, Martin Zobel-Helas wrote:
> On Sun May 20, 2007 at 17:29:19 +0300, Touko Korpela wrote:
> > Unrar (source package unrar-nonfree) has CVE-2007-0855 (Stack-based buffer
> > overflow) bug in etch and sarge. It has Debian bug #410580.
> > Maintainer didn't ask for it, but should 1:3.7.3-1 be included in 4.0r1?
> 
> yes, please upload.

Unrar-nonfree is still vulnerable after the last etch update. Maybe somebody
should finally upload a fixed version?

