unrar-free: CVE-2017-11190 fix

Related Vulnerabilities: CVE-2017-11190  

Debian Bug report logs - #995065
unrar-free: CVE-2017-11190 fix


Reported by: Bastian Germann <bastiangermann@fishpost.de>

Date: Sat, 25 Sep 2021 15:09:04 UTC

Severity: minor

Found in version unrar-free/1:0.0.1+cvs20140707-4

Fixed in version unrar-free/1:0.0.2-0.1

Done: Bastian Germann <bage@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, Ying-Chun Liu (PaulLiu) <paulliu@debian.org>:
Bug#995065; Package unrar-free. (Sat, 25 Sep 2021 15:09:05 GMT)


Acknowledgement sent to Bastian Germann <bastiangermann@fishpost.de>:
New Bug report received and forwarded. Copy sent to Ying-Chun Liu (PaulLiu) <paulliu@debian.org>. (Sat, 25 Sep 2021 15:09:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Bastian Germann <bastiangermann@fishpost.de>
To: submit@bugs.debian.org
Subject: unrar-free: CVE-2017-11190 fix
Date: Sat, 25 Sep 2021 17:05:36 +0200
Package: unrar-free
Severity: minor
Version: 1:0.0.1+cvs20140707-4

At https://gitlab.com/bgermann/unrar-free/-/commit/e4b3d2d974780af1 you 
can find a fix for CVE-2017-11190 which is unproblematic because the 
debug code is not compiled in Debian.



Reply sent to Bastian Germann <bage@debian.org>:
You have taken responsibility. (Sat, 09 Oct 2021 21:09:04 GMT)


Notification sent to Bastian Germann <bastiangermann@fishpost.de>:
Bug acknowledged by developer. (Sat, 09 Oct 2021 21:09:04 GMT)


Message #10 received at 995065-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 995065-close@bugs.debian.org
Subject: Bug#995065: fixed in unrar-free 1:0.0.2-0.1
Date: Sat, 09 Oct 2021 21:05:59 +0000
Source: unrar-free
Source-Version: 1:0.0.2-0.1
Done: Bastian Germann <bage@debian.org>

We believe that the bug you reported is fixed in the latest version of
unrar-free, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 995065@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <bage@debian.org> (supplier of updated unrar-free package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 09 Oct 2021 21:30:58 +0200
Source: unrar-free
Architecture: source
Version: 1:0.0.2-0.1
Distribution: unstable
Urgency: medium
Maintainer: Ying-Chun Liu (PaulLiu) <paulliu@debian.org>
Changed-By: Bastian Germann <bage@debian.org>
Closes: 874065 995065 995801
Changes:
 unrar-free (1:0.0.2-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Change to new upstream (Closes: #874065)
   * debian/copyright: Add Info-Zip (Closes: #995801)
   * Drop Debian patches and manpage (contained in new upstream)
   * Fix CVE-2017-11190 (Closes: #995065)
   * debian/README.Debian: drop outdated file
   * Remove outdated pike versions from Suggests
   * The unar forwarding is dropped upstream, so drop Recommends
   * Raise debhelper version to 10; 9 is deprecated






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Oct 10 14:02:39 2021; Machine Name: bembo
