1) I assume ASSP will be okay with this and unrar is only used if libarchive fails and 7zip fails - any version of unrar.exe should be fine
2) was this necessary? IMHO no. Thomas Von: "K Post" <nntp.p...@gmail.com> An: "ASSP development mailing list" <assp-test@lists.sourceforge.net> Datum: 24.04.2019 22:54 Betreff: Re: [Assp-test] rar vulnerability Thomas? On Fri, Apr 5, 2019 at 8:50 PM K Post <nntp.p...@gmail.com> wrote: There's a vulnerability in WinRar prior to Feb 2019, dating back 19 years. https://nvd.nist.gov/vuln/detail/CVE-2018-20252 The strawberry perl distribution made available in CVS uses unrar.exe from WinRar from 2016. I replaced this exe with the one from the latest WinRar distribution. 1) I assume ASSP will be okay with this and 2) was this necessary? I know the vulnerability was in a separate dll, but I don't know if that dll code is rolled into unrar or what. _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! *******************************************************
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
