Hello, > What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there > some > kind of public upstream VCS or can you ask upstream about it?
CVE site is not disclose info about this issue yet, but Zero Day Initiative already disclose this issue. > CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ > CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ In Zero Day Initiative report, they shows the fixes about these issues. > ADDITIONAL DETAILS 7-Zip has issued an update to correct this vulnerability. > More details can be found at: > https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ Updated 7-Zip 23.00beta is released in this sourceforge link. I want to upload 7-Zip 23.01 to Debian because 23.01 is non-beta version. -- YOKOTA Hiroshi
