Hello community,

here is the log from the commit of package unrar for openSUSE:Factory:NonFree checked in at 2018-03-22 12:38:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory:NonFree/unrar (Old)
 and      /work/SRC/openSUSE:Factory:NonFree/.unrar.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "unrar" Thu Mar 22 12:38:53 2018 rev:69 rq:589678 version:5.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory:NonFree/unrar/unrar.changes 2017-08-16 16:29:21.681596858 +0200 +++ /work/SRC/openSUSE:Factory:NonFree/.unrar.new/unrar.changes 2018-03-22 12:38:55.556813785 +0100 @@ -1,0 +2,24 @@ +Tue Mar 20 14:43:31 UTC 2018 - kstreit...@suse.com + +- the following issues are completely fixed in the current unrar + release [bsc#1054038]: + * UnRAR before 5.5.7 allows remote attackers to bypass a + directory-traversal protection mechanism via vectors involving + a symlink to the . directory, a symlink to the .. directory, + and a regular file [CVE-2017-12938] + * UnRAR before 5.5.7 has an out-of-bounds read in + the EncodeFileName::Decode call within the + Archive::ReadHeader15 function [CVE-2017-12940] + * UnRAR before 5.5.7 has an out-of-bounds read in + the Unpack::Unpack20 function [CVE-2017-12941] + * UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ + function [CVE-2017-12942] +- it also fixes conditional jumps mentioned in [bsc#1046882] + +------------------------------------------------------------------- +Mon Mar 12 19:30:29 UTC 2018 - mvet...@suse.com + +- Update to 5.6.1: + * No upstream changelog + +------------------------------------------------------------------- Old: ---- unrarsrc-5.5.8.tar.gz New: ---- unrarsrc-5.6.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ unrar.spec ++++++ --- /var/tmp/diff_new_pack.njl4uQ/_old 2018-03-22 12:38:56.320786310 +0100 +++ /var/tmp/diff_new_pack.njl4uQ/_new 2018-03-22 12:38:56.320786310 +0100 
@@ -18,10 +18,10 @@ # majorversion should match the major version number. %define majorversion 5 -%define libsuffix 5_5_8 +%define libsuffix 5_6_1 Name: unrar -Version: 5.5.8 +Version: 5.6.1 Release: 0 Summary: A program to extract, test, and view RAR archives License: SUSE-NonFree ++++++ unrarsrc-5.5.8.tar.gz -> unrarsrc-5.6.1.tar.gz ++++++ ++++ 2473 lines of diff (skipped)
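Review bot: In the unrar.changes hunk (@@ -1,0 +2,24 @@), the Mar 20 entry does not say which packaged version first carried the CVE fixes. All four CVE descriptions read "UnRAR before 5.5.7", while the Old tarball listed here is already unrarsrc-5.5.8.tar.gz, so a reader cannot tell from "completely fixed in the current unrar release" whether the previous package was affected or whether this entry only records bsc#1054038 against 5.6.1. Please name the first fixed version in the entry. The last bullet, "it also fixes conditional jumps mentioned in [bsc#1046882]", should state what the defect is, not only the bug number. The Mar 12 entry says "No upstream changelog" and the 2473-line tarball diff is skipped in this mail, so the changelog text is the only place the security-relevant content of the update is recorded.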
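Review bot: In the unrar.spec hunk (@@ -18,10 +18,10 @@), the version is bumped by hand in two places, "%define libsuffix 5_6_1" and "Version: 5.6.1", and nothing keeps them in step. If a later update changes only one of them, the library suffix will no longer match the packaged source. Consider deriving libsuffix from %{version} (dots replaced by underscores), or at least add a comment above libsuffix like the existing one for majorversion saying it must match Version.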