Summary: | <app-arch/rar-6.12: extract directory traversal/file overwrite | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Vasilis Lourdas <bugs> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | conikost, jstein, whissi |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=843611 | | |
Whiteboard: | B2 [glsa+] | | |
Package list: | Runtime testing required: | --- | |
Bug Depends on: | | | |
Bug Blocks: | 849689 | | |
Description
Vasilis Lourdas
2022-06-04 15:47:14 UTC
*** This bug has been marked as a duplicate of bug 843611 ***

Oh, sorry. Not a dupe, but they should've gotten another CVE for the different packages affected. And the maintainer has not been around recently, feel free to make a PR for a bump.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16ed2b8e5a486f3b475dbc4c1458316e0079c51a

commit 16ed2b8e5a486f3b475dbc4c1458316e0079c51a
Author: Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-06-05 14:03:06 +0000
Commit: Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-06-05 14:06:06 +0000

app-arch/rar: drop 6.0.2_p20210611, 6.10_p20220124

Bug: https://bugs.gentoo.org/849686
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-arch/rar/Manifest | 6 --
 app-arch/rar/rar-6.0.2_p20210611.ebuild | 109 --------------------------------
 app-arch/rar/rar-6.10_p20220124.ebuild | 109 --------------------------------
 3 files changed, 224 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=961a398fc3b2e1b95767fa06429f9bd8daec4a4a

commit 961a398fc3b2e1b95767fa06429f9bd8daec4a4a
Author: Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-06-05 14:01:42 +0000
Commit: Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-06-05 14:06:05 +0000

app-arch/rar: x86 stable

Bug: https://bugs.gentoo.org/849686
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-arch/rar/rar-6.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e2c5da3d2d50d56eeb8460540c5783f34430b74

commit 6e2c5da3d2d50d56eeb8460540c5783f34430b74
Author: Conrad Kostecki <conikost@gentoo.org>
AuthorDate: 2022-06-05 14:00:11 +0000
Commit: Conrad Kostecki <conikost@gentoo.org>
CommitDate: 2022-06-05 14:06:04 +0000

app-arch/rar: add 6.12

Bug: https://bugs.gentoo.org/849686
Signed-off-by: Conrad Kostecki <conikost@gentoo.org>

 app-arch/rar/Manifest | 3 ++
 app-arch/rar/rar-6.12.ebuild | 121 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)

Thanks! GLSA request filed

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cdd606244f7dd25e671800d5ab92a7e8d6990eb

commit 2cdd606244f7dd25e671800d5ab92a7e8d6990eb
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-09-17 05:24:38 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-09-17 05:26:26 +0000

[ GLSA 202309-04 ] RAR, UnRAR: Arbitrary File Overwrite

Bug: https://bugs.gentoo.org/843611
Bug: https://bugs.gentoo.org/849686
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202309-04.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)