Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#16521 closed enhancement (fixed)

unrar-6.1.7

Reported by: Bruce Dubbs Owned by: Bruce Dubbs
Priority: elevated Milestone: 11.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (5)

comment:1 by Bruce Dubbs, 3 years ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 3 years ago

As usual, there are no release notes. A diff of this version with the previous one shows: 

+// For security purpose we prefer to be sure that CharToWide completed
+// successfully and even if it truncated a string for some reason,
+// it didn't affect the number of path related characters we analyze
+// in IsRelativeSymlinkSafe later.
+// This check is likely to be excessive, but let's keep it anyway.

comment:3 by Bruce Dubbs, 3 years ago

Resolution: fixed
Status: assignedclosed

Fixed at commits 

c4c57d1563 Update to mutt-2.2.4.
e9c7577e45 Update to unixODBC-2.3.11.
e329cfce0a Update to stunnel-5.64.
d0fbf51458 Update to unrar-6.1.7.
34c78fe45d Update to plasma-wayland-protocols-1.7.0.

comment:4 by Douglas R. Reno, 3 years ago

Retroactively promoting to Elevated. This has been assigned CVE-2022-30333, and is a path traversal vulnerability. I discovered this from https://www.securityweek.com/unrar-vulnerability-exploited-wild-likely-against-zimbra-servers

comment:5 by Douglas R. Reno, 3 years ago

Priority: normalelevated
Note: See TracTickets for help on using tickets.