[Secure-testing-commits] r5442 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Feb 11 21:20:38 UTC 2007
Author: jmm-guest
Date: 2007-02-11 22:20:35 +0100 (Sun, 11 Feb 2007)
New Revision: 5442
Modified:
data/CVE/list
Log:
rar no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-11 21:12:40 UTC (rev 5441)
+++ data/CVE/list 2007-02-11 21:20:35 UTC (rev 5442)
@@ -15,7 +15,11 @@
NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...)
- rar <unfixed> (high)
+ [sarge] - rar <no-dsa> (Non-free)
+ [etch] - rar <no-dsa> (Non-free)
- unrar-nonfree <unfixed> (high; bug filed)
+ [sarge] - unrar-nonfree <no-dsa> (Non-free)
+ [etch] - unrar-nonfree <no-dsa> (Non-free)
NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
NOTE: which probably turns this into remote code execution
NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
More information about the Secure-testing-commits
mailing list