Package: unrar Version: 1:4.1.4-1+deb7u1 Severity: grave Tags: security Justification: user security hole
The VMSF_DELTA filter in unrar allows arbitrary memory write. See the Google Project Zero report: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6 This affects all Debian releases (verified with the provided test case on i386). Felix