On 2017-07-05 08:36:28 [+0100], Chris Lamb wrote: > Dear maintainer(s), Hi,
> The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of libclamunrar: > https://security-tracker.debian.org/tracker/source-package/libclamunrar > > Would you like to take care of this yourself? No, sorry. > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. This https://anonscm.debian.org/cgit/pkg-clamav/libclamunrar.git/tree/debian/patches?h=jessie points to patches folder I intend to push for Jessie. Wheezy should be the same thing. The thing in the tracker is unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch however I also recommend that you add the other four patches as well (they are part of Jessie+). This fixes an out-of-band memory access and upstream did not make a fuss about it. > Chris Lamb, > on behalf of the Debian LTS team. Sebastian
