Package: unrar
Version: 1:3.7.3-1
Severity: normal
Tags: security

From CVE-2007-3726:

"Integer signedness error in the SET_VALUE function in rarvm.cpp in
unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS
X, allows user-assisted remote attackers to cause a denial of service
(crash) via a crafted RAR archive that causes a negative signed number
to be cast to a large unsigned number."

This is the same issue as CVE-2007-3725 for clamav (and you can likely use the
patch from there). However for the standalone rar, a DoS is usually not much of
a problem.

Please mention the CVE id in the changelog.
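
An added illustration of the bug class the CVE text describes, not taken from unrar's rarvm.cpp or from the clamav patch: a toy VM memory store in C where a signed-only bounds check accepts a negative offset that then becomes a huge unsigned index, next to a check done in the unsigned domain. VM_MEMSIZE, vm_mem and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VM_MEMSIZE 0x40000u          /* constructed size for this toy VM */
static uint8_t vm_mem[VM_MEMSIZE];   /* hypothetical VM memory, not unrar's */

/* Flawed pattern: the offset is signed and only the upper bound is tested,
 * so every negative offset is accepted. */
int check_signed(int32_t off)
{
    return off <= (int32_t)VM_MEMSIZE - 4;
}

/* What the accepted offset turns into once it is used as an unsigned index. */
uint32_t effective_index(int32_t off)
{
    return (uint32_t)off;            /* -1 becomes 0xFFFFFFFF */
}

/* Hardened pattern: compare in the unsigned domain, written so that the
 * comparison itself cannot wrap around. */
int check_unsigned(uint32_t off, uint32_t len)
{
    return len <= VM_MEMSIZE && off <= VM_MEMSIZE - len;
}

/* 32-bit store that rejects out-of-range offsets instead of writing.
 * Returns 0 on success, -1 when the offset is refused. */
int vm_store32(int32_t off, uint32_t value)
{
    uint32_t idx = (uint32_t)off;    /* convert first, then validate */
    if (!check_unsigned(idx, 4))
        return -1;
    memcpy(&vm_mem[idx], &value, 4);
    return 0;
}

int main(void)
{
    int32_t crafted = -1;            /* constructed sample offset */
    printf("signed check accepts %d: %d\n", crafted, check_signed(crafted));
    printf("index after cast: 0x%08x\n", (unsigned)effective_index(crafted));
    printf("hardened store result: %d\n", vm_store32(crafted, 0x41414141u));
    return 0;
}
```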
