[Git][security-tracker-team/security-tracker][master] 2 commits: unrar-free CVE-2017-1412[012] have been fixed in same version in Buster and...

Thu, 18 Feb 2021 14:57:55 -0800 


Thorsten Alteholz pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
518841d6 by Thorsten Alteholz at 2021-02-18T23:48:06+01:00
unrar-free CVE-2017-1412[012] have been fixed in same version in Buster and 
have a high NVD score, so also fixed in Stretch now

- - - - -
73400ada by Thorsten Alteholz at 2021-02-18T23:57:35+01:00
Reserve DLA-2567-1 for unrar-free

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217798,7 +217798,6 @@ CVE-2017-14121 (The DecodeNumber function in 
unrarlib.c in unrar 0.0.1 (aka unra
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a 
directory tra ...)
        {DLA-1091-1}
        - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
-       [stretch] - unrar-free <no-dsa> (Minor issue)
        [jessie] - unrar-free <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
        NOTE: Proposed patch: 
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Feb 2021] DLA-2567-1 unrar-free - security update
+       {CVE-2017-14120 CVE-2017-14121 CVE-2017-14122}
+       [stretch] - unrar-free 1:0.0.1+cvs20140707-1+deb9u1
 [18 Feb 2021] DLA-2566-1 libbsd - security update
        {CVE-2019-20367}
        [stretch] - libbsd 0.8.3-1+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/120567089071fb99aaafbca126b31e190f048c5f...73400ada1530018ce4e7319823bedf9a6c254e4b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/120567089071fb99aaafbca126b31e190f048c5f...73400ada1530018ce4e7319823bedf9a6c254e4b
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to