#1010837 CVE-2022-30333 (unrar file write vulnerability) patch not yet available for Debian 10 packages
- Package: unrar
- Source: unrar-nonfree
- Submitter:
- Date: 2022-05-29 18:03:53 UTC
- Severity: grave
- Tags:
- Blocked By:
  - 1010857: bullseye-pu: package unrar-nonfree/1:6.0.3-1+deb11u1 (severity: normal)
package: unrar
severity: grave
tags: security

---------- Forwarded Message ---------
From: Simon Scannell <simon.scannell@sonarsource.com>
Subject: CVE-2022-30333 (unrar file write vulnerability) patch not yet available for Debian 10 packages
Date: May 11 2022, at 6:08 am
To: mez@debian.org
Cc: Vulnerability Research Team <vulnerability.research@sonarsource.com>

Hi Martin (2022.05.11_06:47:38_-0400)

https://security-tracker.debian.org/tracker/CVE-2022-30333

So, that should probably be fixed in 1:6.1.7-1, not 1:6.1.2-1

SR

notfixed 1010837 1:6.1.2-1
fixed 1010837 1:6.1.7-1
thanks

Thanks Stefano, I misread 6.12 as 6.1.2 - it's been a long week!

We believe that the bug you reported is fixed in the latest version of unrar-nonfree, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1010837@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
YOKOTA Hiroshi <yokota.hgml@gmail.com> (supplier of updated unrar-nonfree package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Tue, 10 May 2022 20:26:16 +0900
Source: unrar-nonfree
Architecture: source
Version: 1:6.0.3-1+deb11u1
Distribution: bullseye
Urgency: high
Maintainer: UnRar maintainer team <team+unrar-nonfree@tracker.debian.org>
Changed-By: YOKOTA Hiroshi <yokota.hgml@gmail.com>
Closes: 1010837
Changes:
 unrar-nonfree (1:6.0.3-1+deb11u1) bullseye; urgency=high
 .
   * Fix CVE-2022-30333 (Closes: #1010837)