thanks. On Thu, Apr 25, 2019 at 12:32 AM Thomas Eckardt <thomas.ecka...@thockar.com> wrote:
> 1) I assume ASSP will be okay with this and > > unrar is only used if libarchive fails and 7zip fails - any version of > unrar.exe should be fine > > 2) was this necessary? > > IMHO no. > > Thomas > > > > > > > Von: "K Post" <nntp.p...@gmail.com> > An: "ASSP development mailing list" < > assp-test@lists.sourceforge.net> > Datum: 24.04.2019 22:54 > Betreff: Re: [Assp-test] rar vulnerability > ------------------------------ > > > > Thomas? > > On Fri, Apr 5, 2019 at 8:50 PM K Post <*nntp.p...@gmail.com* > <nntp.p...@gmail.com>> wrote: > There's a vulnerability in WinRar prior to Feb 2019, dating back 19 > years. *https://nvd.nist.gov/vuln/detail/CVE-2018-20252* > <https://nvd.nist.gov/vuln/detail/CVE-2018-20252> > > The strawberry perl distribution made available in CVS uses unrar.exe from > WinRar from 2016. I replaced this exe with the one from the latest WinRar > distribution. > 1) I assume ASSP will be okay with this and > 2) was this necessary? I know the vulnerability was in a separate dll, > but I don't know if that dll code is rolled into unrar or what. > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test > > > > > DISCLAIMER: > ******************************************************* > This email and any files transmitted with it may be confidential, legally > privileged and protected in law and are intended solely for the use of the > individual to whom it is addressed. > This email was multiple times scanned for viruses. There should be no > known virus in this email! > ******************************************************* > > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test >
_______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
