[Secure-testing-commits] r54854 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Aug 18 15:19:51 UTC 2017
Author: carnil
Date: 2017-08-18 15:19:51 +0000 (Fri, 18 Aug 2017)
New Revision: 54854
Modified:
data/CVE/list
Log:
Three more unrar-nonfree issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-18 15:16:50 UTC (rev 54853)
+++ data/CVE/list 2017-08-18 15:19:51 UTC (rev 54854)
@@ -1,3 +1,18 @@
+CVE-2017-12942 [buffer overflow in the Unpack::LongLZ function]
+ - unrar-nonfree <unfixed>
+ [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
+ [jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
+ NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+CVE-2017-12941 [out-of-bounds read in the Unpack::Unpack20 function]
+ - unrar-nonfree <unfixed>
+ [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
+ [jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
+ NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
+CVE-2017-12940 [out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function]
+ - unrar-nonfree <unfixed>
+ [stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
+ [jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
+ NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12938 [directory traversal]
- unrar-nonfree <unfixed>
[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
More information about the Secure-testing-commits
mailing list