First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 140325
Alias:
Product:
Component:
Status: RESOLVED
Resolution: INVALID
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Arthur Koziel <arthur@arthurkoziel.de>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 140325 depends on: Show dependency tree
Bug 140325 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-07-14 02:40 0000 
Please bump unrar to 3.6.7 (beta 7). This version fixes a Stack overflow
vulnerability:

Version 3.60 beta 7

1. Stack overflow vulnerability has been corrected in WinRAR module
   processing LZH archives. We thank Ryan Smith, www.hustlelabs.com,
   for reporting this problem.

Renaming the ebuild worked fine!

------- Comment #1 From SpanKY 2006-07-14 22:05:24 0000 ------- 
3.6.7 in portage ... not sure if security team wants to do anything

------- Comment #2 From Stefan Cornelius (RETIRED) 2006-07-23 12:46:40 0000 ------- 
are we vulnerable? afaik, unrar only unpacks *.rar archives, while the
vulnerarbility was reported for the LHA unpacking functionality of WinRAR,
which seems to be not included in this unrar package.

------- Comment #3 From Sune Kloppenborg Jeppesen 2006-07-24 06:48:32 0000 ------- 
base-system please advise.

------- Comment #4 From SpanKY 2006-07-30 15:28:53 0000 ------- 
yes, it would appear that way ... unrar doesnt work on lzh archives

------- Comment #5 From Sune Kloppenborg Jeppesen 2006-07-31 00:48:02 0000 ------- 
Thx Mike.
First Last Prev Next    No search results available      Search page      Enter new bug