unrar: Fix CVE-2022-48579 for Debian 11

Related Vulnerabilities: CVE-2022-48579  

Debian Bug report logs - #1050080

Reported by: YOKOTA Hiroshi <yokota.hgml@gmail.com>

Date: Sat, 19 Aug 2023 13:09:02 UTC

Severity: normal

Tags: security

Found in version unrar-nonfree/1:6.0.3-1+deb11u1

Fixed in versions unrar-nonfree/1:5.6.6-1+deb10u2, unrar-nonfree/1:6.2.3-1



Report forwarded to debian-bugs-dist@lists.debian.org, yokota.hgml@gmail.com, apo@debian.org, team@security.debian.org, UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>:
Bug#1050080; Package unrar. (Sat, 19 Aug 2023 13:09:04 GMT)


Acknowledgement sent to YOKOTA Hiroshi <yokota.hgml@gmail.com>:
New Bug report received and forwarded. Copy sent to yokota.hgml@gmail.com, apo@debian.org, team@security.debian.org, UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>. (Sat, 19 Aug 2023 13:09:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: YOKOTA Hiroshi <yokota.hgml@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unrar: Fix CVE-2022-48579 for Debian 11
Date: Sat, 19 Aug 2023 22:04:40 +0900

Package: unrar
Version: 1:6.0.3-1+deb11u1
Severity: normal
X-Debbugs-Cc: yokota.hgml@gmail.com, apo@debian.org, team@security.debian.org


CVE-2022-48579 was fixed at unrar-nonfree/1:5.6.6-1+deb10u2 in Debian 10
by the Debian LTS team (DLA-3535-1).
The fix patch for Debian 10 can be applied to Debian 11.

Fix patch for CVE-2022-48579
Debian 10: https://github.com/debian-calibre/unrar-nonfree/commit/28eb57cb85aa656b7cda0e2f6a282c09f7351272
Debian 11: https://github.com/debian-calibre/unrar-nonfree/commit/5daa9b93c099bd0219528d26778835ca1f6896da


FYI: CVE-2022-48579 was already fixed in 1:6.2.3-1 in Debian sid.

--
YOKOTA Hiroshi



Information forwarded to debian-bugs-dist@lists.debian.org, UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>:
Bug#1050080; Package unrar. (Sat, 19 Aug 2023 13:18:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>. (Sat, 19 Aug 2023 13:18:03 GMT)


Message #10 received at 1050080@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: YOKOTA Hiroshi <yokota.hgml@gmail.com>, 1050080@bugs.debian.org
Subject: Re: Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Date: Sat, 19 Aug 2023 15:15:14 +0200

Hi,

On Sat, Aug 19, 2023 at 10:04:40PM +0900, YOKOTA Hiroshi wrote:
> Package: unrar
> Version: 1:6.0.3-1+deb11u1
> Severity: normal
> X-Debbugs-Cc: yokota.hgml@gmail.com, apo@debian.org, team@security.debian.org
> 
> 
> CVE-2022-48579 was fixed at unrar-nonfree/1:5.6.6-1+deb10u2 in Debian 10
> by the Debian LTS team (DLA-3535-1).
> The fix patch for Debian 10 can be applied to Debian 11.
> 
> Fix patch for CVE-2022-48579
> Debian 10: https://github.com/debian-calibre/unrar-nonfree/commit/28eb57cb85aa656b7cda0e2f6a282c09f7351272
> Debian 11: https://github.com/debian-calibre/unrar-nonfree/commit/5daa9b93c099bd0219528d26778835ca1f6896da
> 
> 
> FYI: CVE-2022-48579 was already fixed in 1:6.2.3-1 in Debian sid.

FWIW, does not warrant a DSA, but can be fixed via upcoming point
release.

Regards,
Salvatore



Marked as fixed in versions unrar-nonfree/1:6.2.3-1. Request was from yokota <yokota.hgml@gmail.com> to control@bugs.debian.org. (Sat, 19 Aug 2023 13:21:03 GMT)


Marked as fixed in versions unrar-nonfree/1:5.6.6-1+deb10u2. Request was from yokota <yokota.hgml@gmail.com> to control@bugs.debian.org. (Sat, 19 Aug 2023 13:21:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>:
Bug#1050080; Package unrar. (Sat, 19 Aug 2023 13:24:03 GMT)


Acknowledgement sent to yokota <yokota.hgml@gmail.com>:
Extra info received and forwarded to list. Copy sent to UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>. (Sat, 19 Aug 2023 13:24:03 GMT)


Message #19 received at 1050080@bugs.debian.org:

From: yokota <yokota.hgml@gmail.com>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 1050080@bugs.debian.org
Subject: Re: Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Date: Sat, 19 Aug 2023 22:20:05 +0900

Hello Salvatore,

> FWIW, does not warrant a DSA, but can be fixed via upcoming point
> release.

Thank you.
I will try to do that.

--
YOKOTA Hiroshi



Information forwarded to debian-bugs-dist@lists.debian.org, UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>:
Bug#1050080; Package unrar. (Sat, 19 Aug 2023 13:33:02 GMT)


Acknowledgement sent to Markus Koschany <apo@debian.org>:
Extra info received and forwarded to list. Copy sent to UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>. (Sat, 19 Aug 2023 13:33:02 GMT)


Message #24 received at 1050080@bugs.debian.org:

From: Markus Koschany <apo@debian.org>
To: YOKOTA Hiroshi <yokota.hgml@gmail.com>, 1050080@bugs.debian.org
Subject: Re: Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Date: Sat, 19 Aug 2023 15:29:01 +0200

Hello,

I wanted to prepare a fix for CVE-2022-48579 in Bullseye and release it via a
bullseye point update. Do you want to take care of the upload instead?

Regards,

Markus

Information forwarded to debian-bugs-dist@lists.debian.org, UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>:
Bug#1050080; Package unrar. (Sun, 20 Aug 2023 00:21:02 GMT)


Acknowledgement sent to yokota <yokota.hgml@gmail.com>:
Extra info received and forwarded to list. Copy sent to UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>. (Sun, 20 Aug 2023 00:21:02 GMT)


Message #29 received at 1050080@bugs.debian.org:

From: yokota <yokota.hgml@gmail.com>
To: Markus Koschany <apo@debian.org>, 1050080@bugs.debian.org
Subject: Re: Bug#1050080: unrar: Fix CVE-2022-48579 for Debian 11
Date: Sun, 20 Aug 2023 09:17:24 +0900

Hello Markus,

> I wanted to prepare a fix for CVE-2022-48579 in Bullseye and release it via a
> bullseye point update. Do you want to take care of the upload instead?

Thank you.
So, please upload the bullseye fix via a point update yourself.

My current Git status is here.
https://github.com/debian-calibre/unrar-nonfree/tree/bullseye-update

Close this bug report when the bug is fixed.

--
YOKOTA Hiroshi



Added tag(s) security. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 22 Aug 2023 20:24:02 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Aug 23 17:51:21 2023; Machine Name: buxtehude
