[Git][security-tracker-team/security-tracker][master] Add CVE-2024-33899/unrar-nonfree

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
84fd73d0 by Salvatore Bonaccorso at 2024-07-30T07:13:45+02:00
Add CVE-2024-33899/unrar-nonfree

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -28773,7 +28773,9 @@ CVE-2024-33904 (In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c
 CVE-2024-33903 (In CARLA through 0.9.15.2, the collision sensor mishandles some situat ...)
 	NOT-FOR-US: CARLA (carla-simulator)
 CVE-2024-33899 (RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attacke ...)
-	TODO: check
+	- unrar-nonfree <undetermined>
+	NOTE: https://sdushantha.medium.com/ansi-escape-injection-vulnerability-in-winrar-a2cbfac4b983
+	TODO: check which version fixes this, advisory say it is patched on 28th February 2024
 CVE-2024-33891 (Delinea Secret Server before 11.7.000001 allows attackers to bypass au ...)
 	NOT-FOR-US: Delinea Secret Server
 CVE-2024-33686 (Missing Authorization vulnerability in Extend Themes Pathway, Extend T ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84fd73d0c31b57935ad699193fb635db328326f3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/84fd73d0c31b57935ad699193fb635db328326f3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240730/321648b8/attachment.htm>