*** This bug is a security vulnerability *** Public security bug reported:
unrar-nonfree in Ubuntu 14.x (Trusty and Utopic) is old (current upstream version is 5.1.7) and can contain security issues. Please update to the latest upstream version from http://rarlab.com/rar_add.htm in Ubuntu 14.10 and backport to 14.04 LTS. I think this non-free package should be always kept up-to-date to cover security issues not maintained by the Security Team. Here are listed some improvements (see http://rarlabs.com/rarnew.htm for full list): Version 5.11 Bugs fixed: - RAR 5.10 failed to update self-extracting RAR archives containing nested ZIP archives stored without compression; - deleting a file in RAR5 solid archive containing files stored with -ver switch caused such files to lose version information; Version 5.10 - Added support for AES-NI CPU instructions allowing to improve RAR encryption and decryption performance. ** Affects: unrar-nonfree (Ubuntu) Importance: Undecided Status: New ** Affects: unrar-nonfree (Debian) Importance: Unknown Status: Unknown ** Information type changed from Private Security to Public Security ** Bug watch added: Debian Bug tracker #759586 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759586 ** Also affects: unrar-nonfree (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759586 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1368606 Title: unrar-nonfree in Ubuntu 14.x (Trusty and Utopic) is old and can have security issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unrar-nonfree/+bug/1368606/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
