[Git][security-tracker-team/security-tracker][master] 2 commits: unrar-free CVE-2017-1412[012] have been fixed in same version in Buster and...

Thu Feb 18 22:57:46 GMT 2021


Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
518841d6 by Thorsten Alteholz at 2021-02-18T23:48:06+01:00
unrar-free CVE-2017-1412[012] have been fixed in same version in Buster and have a high NVD score, so also fixed in Stretch now

- - - - -
73400ada by Thorsten Alteholz at 2021-02-18T23:57:35+01:00
Reserve DLA-2567-1 for unrar-free

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -217798,7 +217798,6 @@ CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unra
 CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
 	{DLA-1091-1}
 	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
-	[stretch] - unrar-free <no-dsa> (Minor issue)
 	[jessie] - unrar-free <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
 	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Feb 2021] DLA-2567-1 unrar-free - security update
+	{CVE-2017-14120 CVE-2017-14121 CVE-2017-14122}
+	[stretch] - unrar-free 1:0.0.1+cvs20140707-1+deb9u1
 [18 Feb 2021] DLA-2566-1 libbsd - security update
 	{CVE-2019-20367}
 	[stretch] - libbsd 0.8.3-1+deb9u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/120567089071fb99aaafbca126b31e190f048c5f...73400ada1530018ce4e7319823bedf9a6c254e4b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/120567089071fb99aaafbca126b31e190f048c5f...73400ada1530018ce4e7319823bedf9a6c254e4b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210218/1e72839f/attachment-0001.html>
