[Pkg-clamav-devel] Bug#904213: stretch-pu: package libclamunrar/0.99-3+deb9u1
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Sat Jul 21 19:11:05 BST 2018
Package: release.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal
This is my proposed update libclamunrar in Stretch. I updated from old
version + patches to the latest clamav release and was able to drop all
patches. The changelog for 0.100.1 stated:
Buffer over-read in unRAR code due to missing max value checks in table
initialization. Reported by Rui Reis.
I don't know if this "just" an over read and nothing bad happens or if a
segfault is possible. The 0.100.0 changelog did not state any unrar
related changes but they made a few changes with no explanation. I feel
more comfortable to sychnronize with latest version as released by
clamav.
Please find a debdiff attached which has the autoconf and m4 changes
removed.
Sebastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: libclamunrar-0.100.1-0+deb9u1.patch
Type: text/x-diff
Size: 45300 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-clamav-devel/attachments/20180721/b1117f49/attachment-0001.patch>
More information about the Pkg-clamav-devel
mailing list