Bug#990541: cve was addressed upstream

2021-12-06 Thread Salvatore Bonaccorso
Hi On Tue, Dec 07, 2021 at 09:06:41AM +0900, yokota wrote: > > For stretch, you would have to provide a patch based on the 5.6.6 change. > > Do you know how to upload to stretch-update? > I found how to upload to bullseye/buster by "reportbug" package, but > not stretch. > Or it's too late to

Bug#990541: cve was addressed upstream

2021-12-06 Thread Salvatore Bonaccorso
Hi, On Tue, Dec 07, 2021 at 12:29:20AM +0100, Bastian Germann wrote: > On 07.12.21 00:22, yokota wrote: > > Hi, > > > > > stretch is vulnerable (test case; misleading min. version in CVE > > > description) and bullseye is > > > vulnerable according to the CVE description. > > > > Do we needs

Bug#990541: cve was addressed upstream

2021-12-06 Thread Salvatore Bonaccorso
Hi, On Tue, Dec 07, 2021 at 08:00:15AM +0900, yokota wrote: > Hi, > > > Can you give more information here? Where was it fixed? > > I make autopkgtest `debian/tests/CVE-2018-25018.sh` and pass this test. > > You can check this test code from "unrar-nonfree" source package or: > >

Bug#990541: cve was addressed upstream

2021-12-06 Thread yokota
> For stretch, you would have to provide a patch based on the 5.6.6 change. Do you know how to upload to stretch-update? I found how to upload to bullseye/buster by "reportbug" package, but not stretch. Or it's too late to upload to stretch? -- YOKOTA Hiroshi

Bug#990541: cve was addressed upstream

2021-12-06 Thread Bastian Germann
On 07.12.21 00:22, yokota wrote: Hi, stretch is vulnerable (test case; misleading min. version in CVE description) and bullseye is vulnerable according to the CVE description. Do we needs unurar-nonfree 6.0.4 for stretch/bullseye? I can make stretch/bullseye-update package for next point

Bug#990541: cve was addressed upstream

2021-12-06 Thread yokota
Hi, > stretch is vulnerable (test case; misleading min. version in CVE description) > and bullseye is > vulnerable according to the CVE description. Do we needs unurar-nonfree 6.0.4 for stretch/bullseye? I can make stretch/bullseye-update package for next point release. -- YOKOTA Hiroshi

Bug#990541: cve was addressed upstream

2021-12-06 Thread Bastian Germann
Control: tags -1 stretch bullseye Control: fixed -1 1:5.6.6-1 On 06.12.21 20:56, Salvatore Bonaccorso wrote: Hi, On Mon, Sep 20, 2021 at 05:01:35PM +0200, Bastian Germann wrote: fixed 990541 unrar-nonfree/1:6.0.4-1 Can you give more information here? Where was it fixed? It was fixed in

Bug#990541: cve was addressed upstream

2021-12-06 Thread yokota
Hi, > Can you give more information here? Where was it fixed? I make autopkgtest `debian/tests/CVE-2018-25018.sh` and pass this test. You can check this test code from "unrar-nonfree" source package or: https://sources.debian.org/src/unrar-nonfree/1:6.1.2-1/debian/tests/CVE-2018-25018.sh/

Bug#990541: cve was addressed upstream

2021-12-06 Thread Salvatore Bonaccorso
Hi, On Mon, Sep 20, 2021 at 05:01:35PM +0200, Bastian Germann wrote: > fixed 990541 unrar-nonfree/1:6.0.4-1 Can you give more information here? Where was it fixed? Regards, Salvatore