Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 622382 - <app-arch/rar-5.5.0_beta4_p20170628: VMSF_DELTA filter in unrar allows arbitrary memory write (CVE-2012-6706)
Summary: <app-arch/rar-5.5.0_beta4_p20170628: VMSF_DELTA filter in unrar allows arbitr...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugs.chromium.org/p/project-z...
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks: CVE-2012-6706
  Show dependency tree
 
Reported: 2017-06-21 12:06 UTC by Thomas Deutschmann (RETIRED)
Modified: 2017-08-21 01:14 UTC (History)
2 users (show)

See Also:
Package list:
app-arch/rar-5.5.0_beta4_p20170628
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-21 12:06:42 UTC 
See $URL for details.

Fixed in RAR 5.50 beta 4.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-28 17:01:49 UTC 
Now in repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9788fad0f0f4710cc1a4598370133e599f8fe545


@ Arches,

please test and mark stable: =app-arch/rar-5.5.0_beta4_p20170628
Comment 2 Agostino Sarubbo gentoo-dev 2017-06-29 08:07:09 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-30 11:11:53 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev 2017-07-08 13:39:11 UTC 
Repository is now clean (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7558417b09b71302aae28fe2b871e73693e43253).

Added to an existing GLSA request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2017-08-21 01:14:54 UTC 
This issue was resolved and addressed in
 GLSA 201708-05 at https://security.gentoo.org/glsa/201708-05
by GLSA coordinator Thomas Deutschmann (whissi).