[Git][security-tracker-team/security-tracker][master] Reserve DLA-3534-1 for rar

Markus Koschany (@apo) apo at debian.org
Thu Aug 17 16:25:15 BST 2023



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
99a69ab4 by Markus Koschany at 2023-08-17T17:24:59+02:00
Reserve DLA-3534-1 for rar

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -94739,7 +94739,6 @@ CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory trav
 	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
 	- rar 2:6.20~b1-0.1 (bug #1012228)
 	[bullseye] - rar <no-dsa> (Non-free not supported)
-	[buster] - rar <no-dsa> (Non-free not supported)
 	[stretch] - rar <no-dsa> (Non-free not supported)
 	NOTE: 6.12 application version corresponds to 6.1.7 source version:
 	NOTE: https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7
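Review bot: With `[buster] - rar <no-dsa> (Non-free not supported)` removed, the CVE-2022-30333 entry is left with no buster line for rar, and the buster fixed version appears only in data/DLA/list. Consider adding an explicit `[buster] - rar 2:6.20-0.1~deb10u1` line in this entry, or confirming that it is added in a follow-up, so the entry itself states the buster status alongside the bullseye and stretch lines.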


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[17 Aug 2023] DLA-3534-1 rar - security update
+	{CVE-2022-30333}
+	[buster] - rar 2:6.20-0.1~deb10u1
 [17 Aug 2023] DLA-3533-1 lxc - security update
 	{CVE-2022-47952}
 	[buster] - lxc 1:3.1.0+really3.0.3-8+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -166,11 +166,6 @@ rails (utkarsh)
   NOTE: 20221024: to break thrice in less than 2 month.
   NOTE: 20230131: Utkarsh to start a thread with sec+ruby team with the possible path forward. (utkarsh)
 --
-rar (Markus Koschany)
-  NOTE: 20230808: Added by Front-Desk (Beuc)
-  NOTE: 20230808: CVE-2022-30333 was tagged "Non-free not supported" but we have sponsors for this package in buster,
-  NOTE: 20230808: so it should be fixed. Fixed by 6.12, not sure there's a fix in the 5.x series. (Beuc/front-desk)
---
 ring (Thorsten Alteholz)
   NOTE: 20221120: Added by Front-Desk (ta)
   NOTE: 20230507: testing package
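Review bot: Deleting the rar block drops the only recorded rationale for fixing a non-free package in buster: the 20230808 notes that the package has sponsors, that the fix is in 6.12, and that it is uncertain whether the 5.x series has a fix. Consider preserving that as a NOTE under CVE-2022-30333 in data/CVE/list, since bullseye and stretch remain tagged `<no-dsa> (Non-free not supported)` there and the difference in treatment is otherwise unexplained.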



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/99a69ab45e6fda3e21b7efd8cf1d3698e3783822
