Your message dated Thu, 22 Jun 2017 18:22:46 +0000
with message-id <e1do6kh-0004wh...@fasolo.debian.org>
and subject line Bug#865461: fixed in unrar-nonfree 1:5.5.5-1
has caused the Debian Bug report #865461,
regarding unrar-nonfree: CVE-2012-6706: VMSF_DELTA filter in unrar allows
arbitrary memory write
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
865461: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865461
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: unrar
Version: 1:4.1.4-1+deb7u1
Severity: grave
Tags: security
Justification: user security hole
The VMSF_DELTA filter in unrar allows arbitrary memory write.
See the Google Project Zero report:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
This affects all Debian releases (verified with the provided test case on i386).
Felix
--- End Message ---
--- Begin Message ---
Source: unrar-nonfree
Source-Version: 1:5.5.5-1
We believe that the bug you reported is fixed in the latest version of
unrar-nonfree, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Meredith <m...@debian.org> (supplier of updated unrar-nonfree package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 22 Jun 2017 18:07:52 +0100
Source: unrar-nonfree
Binary: unrar
Architecture: amd64 i386 source
Version: 1:5.5.5-1
Distribution: unstable
Urgency: high
Maintainer: Martin Meredith <m...@debian.org>
Changed-By: Martin Meredith <m...@debian.org>
Closes: 865461
Description:
unrar - Unarchiver for .rar files (non-free version)
Changes:
unrar-nonfree (1:5.5.5-1) unstable; urgency=high
.
* New upstream release
* Security update for CVE-2012-6706 (Closes: #865461)
--- End Message ---