Hi, Version 6.12 fixes the CVE-2022-30333 advisory with a high security rating (7.5). Could we please have it in the tree? Thank you!
*** This bug has been marked as a duplicate of bug 843611 ***
Oh, sorry. Not a dupe, but they should've gotten another CVE for the different packages affected.
And the maintainer has not been around recently, feel free to make a PR for a bump.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16ed2b8e5a486f3b475dbc4c1458316e0079c51a commit 16ed2b8e5a486f3b475dbc4c1458316e0079c51a Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2022-06-05 14:03:06 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-06-05 14:06:06 +0000 app-arch/rar: drop 6.0.2_p20210611, 6.10_p20220124 Bug: https://bugs.gentoo.org/849686 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> app-arch/rar/Manifest | 6 -- app-arch/rar/rar-6.0.2_p20210611.ebuild | 109 -------------------------------- app-arch/rar/rar-6.10_p20220124.ebuild | 109 -------------------------------- 3 files changed, 224 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=961a398fc3b2e1b95767fa06429f9bd8daec4a4a commit 961a398fc3b2e1b95767fa06429f9bd8daec4a4a Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2022-06-05 14:01:42 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-06-05 14:06:05 +0000 app-arch/rar: x86 stable Bug: https://bugs.gentoo.org/849686 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> app-arch/rar/rar-6.12.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e2c5da3d2d50d56eeb8460540c5783f34430b74 commit 6e2c5da3d2d50d56eeb8460540c5783f34430b74 Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2022-06-05 14:00:11 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-06-05 14:06:04 +0000 app-arch/rar: add 6.12 Bug: https://bugs.gentoo.org/849686 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> app-arch/rar/Manifest | 3 ++ app-arch/rar/rar-6.12.ebuild | 121 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 124 insertions(+)
Thanks!
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=2cdd606244f7dd25e671800d5ab92a7e8d6990eb commit 2cdd606244f7dd25e671800d5ab92a7e8d6990eb Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-09-17 05:24:38 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-09-17 05:26:26 +0000 [ GLSA 202309-04 ] RAR, UnRAR: Arbitrary File Overwrite Bug: https://bugs.gentoo.org/843611 Bug: https://bugs.gentoo.org/849686 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202309-04.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+)