> My mail was really just about the missing entry in the security
> tracker, as this CVE is now quite "famous" and people may look it up
> there (at the security tracker) and be unsure whether or not it is
> already fixed (which it is), especially since the changelog.Debian
> contains as of now
On Fri, 2023-08-25 at 20:47 +0900, yokota wrote:
> I was extracted 6.2.9 fix and apply it to Git for other UnRAR version
> that distributed in Debian 10,11,12.
> Please examine the fix from unrar-nonfree Git repository:
Thanks for fixing it so early (which I've had seen, btw). :-)
My mail was
Hello all,
> CVE-2023-40477 mentions to be in RAR4 recovery volume processing code, which
> is recvol.cpp in the
> unrar source. There was no 6.3 unrar source release yet...
WinRAR version number "6.23" is application version.
Upstream says CVE-2023-40477 was fixed in WinRAR 6.23 beta 1.
Am 25.08.23 um 09:49 schrieb Salvatore Bonaccorso:
Hi Chris,
On Thu, Aug 24, 2023 at 04:02:22PM +0200, Christoph Anton Mitterer wrote:
Hey.
Unrar data in the security tracker seems to miss:
CVE-2023-40477 https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
CVE-2023-38831
Hello,
I am hoping you can help with an issue we are seeing.
We are using your page (https://www.debian.org/security/crossreferences) for
cross references of Debian Security Advisories so that we can link the
advisories to impacted CVEs. We have noticed that the following Security
Advisory is
Hi Chris,
On Thu, Aug 24, 2023 at 04:02:22PM +0200, Christoph Anton Mitterer wrote:
> Hey.
>
> Unrar data in the security tracker seems to miss:
>
> CVE-2023-40477 https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
> CVE-2023-38831
CVE-2023-4320: missing from list
CVE-2023-4380: missing from list
--
The output might be a bit terse, but the above ids are known elsewhere,
check the references in the tracker. The second part indicates the status
of that id in the tracker at the moment the script was run.
7 matches
Mail list logo
