[Git][security-tracker-team/security-tracker][master] Reserve DLA-3534-1 for rar

Thu, 17 Aug 2023 08:25:23 -0700 


Markus Koschany pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
99a69ab4 by Markus Koschany at 2023-08-17T17:24:59+02:00
Reserve DLA-3534-1 for rar

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -94739,7 +94739,6 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and 
UNIX allows directory trav
        [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
        - rar 2:6.20~b1-0.1 (bug #1012228)
        [bullseye] - rar <no-dsa> (Non-free not supported)
-       [buster] - rar <no-dsa> (Non-free not supported)
        [stretch] - rar <no-dsa> (Non-free not supported)
        NOTE: 6.12 application version corresponds to 6.1.7 source version:
        NOTE: 
https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Aug 2023] DLA-3534-1 rar - security update
+       {CVE-2022-30333}
+       [buster] - rar 2:6.20-0.1~deb10u1
 [17 Aug 2023] DLA-3533-1 lxc - security update
        {CVE-2022-47952}
        [buster] - lxc 1:3.1.0+really3.0.3-8+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -166,11 +166,6 @@ rails (utkarsh)
   NOTE: 20221024: to break thrice in less than 2 month.
   NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the 
possible path forward. (utkarsh)
 --
-rar (Markus Koschany)
-  NOTE: 20230808: Added by Front-Desk (Beuc)
-  NOTE: 20230808: CVE-2022-30333 was tagged "Non-free not supported" but we 
have sponsors for this package in buster,
-  NOTE: 20230808: so it should be fixed. Fixed by 6.12, not sure there's a fix 
in the 5.x series. (Beuc/front-desk)
---
 ring (Thorsten Alteholz)
   NOTE: 20221120: Added by Front-Desk (ta)
   NOTE: 20230507: testing package



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99a69ab45e6fda3e21b7efd8cf1d3698e3783822

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99a69ab45e6fda3e21b7efd8cf1d3698e3783822
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to