Re: unrar: some issues missing from security tracker data

2023-08-25 Thread Salvatore Bonaccorso
Hi Bastian, On Fri, Aug 25, 2023 at 10:53:24AM +0200, Bastian Germann wrote: > On 25.08.23 at 09:49, Salvatore Bonaccorso wrote: > > Hi Chris, > > > > On Thu, Aug 24, 2023 at 04:02:22PM +0200, Christoph Anton Mitterer wrote: > > > Hey. > > > > > > Unrar data in the security tracker seems to mis

Re: DSA-5332 Missing from your cross references page

2023-08-25 Thread Salvatore Bonaccorso
Hi, On Fri, Aug 25, 2023 at 07:29:08AM +, Mouer, Steve wrote: > Hello, > > I am hoping you can help with an issue we are seeing. > > We are using your page > (https://www.debian.org/security/crossreferences) for cross > references of Debian Security Advisories so that we can link the > advis

Re: unrar: some issues missing from security tracker data

2023-08-25 Thread yokota
> My mail was really just about the missing entry in the security > tracker, as this CVE is now quite "famous" and people may look it up > there (at the security tracker) and be unsure whether or not it is > already fixed (which it is), especially since the changelog.Debian > contains as of now the

Re: unrar: some issues missing from security tracker data

2023-08-25 Thread Christoph Anton Mitterer
On Fri, 2023-08-25 at 20:47 +0900, yokota wrote: > I extracted the 6.2.9 fix and applied it to Git for the other UnRAR versions > that are distributed in Debian 10, 11, 12. > Please examine the fix from the unrar-nonfree Git repository: Thanks for fixing it so early (which I had seen, btw). :-) My mail was re

Re: unrar: some issues missing from security tracker data

2023-08-25 Thread yokota
Hello all, > CVE-2023-40477 is mentioned to be in the RAR4 recovery volume processing code, which > is recvol.cpp in the > unrar source. There was no 6.3 unrar source release yet... The WinRAR version number "6.23" is the application version. Upstream says CVE-2023-40477 was fixed in WinRAR 6.23 beta 1. htt

Re: unrar: some issues missing from security tracker data

2023-08-25 Thread Bastian Germann
On 25.08.23 at 09:49, Salvatore Bonaccorso wrote: Hi Chris, On Thu, Aug 24, 2023 at 04:02:22PM +0200, Christoph Anton Mitterer wrote: Hey. Unrar data in the security tracker seems to miss: CVE-2023-40477 https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ CVE-2023-38831 https://www.gro

DSA-5332 Missing from your cross references page

2023-08-25 Thread Mouer, Steve
Hello, I am hoping you can help with an issue we are seeing. We are using your page (https://www.debian.org/security/crossreferences) for cross references of Debian Security Advisories so that we can link the advisories to impacted CVEs. We have noticed that the following Security Advisory is

Re: unrar: some issues missing from security tracker data

2023-08-25 Thread Salvatore Bonaccorso
Hi Chris, On Thu, Aug 24, 2023 at 04:02:22PM +0200, Christoph Anton Mitterer wrote: > Hey. > > Unrar data in the security tracker seems to miss: > > CVE-2023-40477 https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ > CVE-2023-38831 https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-