Your message dated Wed, 05 Jul 2017 05:47:28 +0000
with message-id <e1dsd9s-000gli...@fasolo.debian.org>
and subject line Bug#865461: fixed in unrar-nonfree 1:5.2.7-0.1+deb8u1
has caused the Debian Bug report #865461,
regarding unrar-nonfree: CVE-2012-6706: VMSF_DELTA filter in unrar allows 
arbitrary memory write
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
865461: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865461
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: unrar
Version: 1:4.1.4-1+deb7u1
Severity: grave
Tags: security
Justification: user security hole

The VMSF_DELTA filter in unrar allows arbitrary memory write.

See the Google Project Zero report:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6

This affects all Debian releases (verified with the provided test case on i386).

Felix

--- End Message ---
--- Begin Message ---
Source: unrar-nonfree
Source-Version: 1:5.2.7-0.1+deb8u1

We believe that the bug you reported is fixed in the latest version of
unrar-nonfree, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 865...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fge...@debian.org> (supplier of updated unrar-nonfree package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Jun 2017 20:47:18 +0200
Source: unrar-nonfree
Binary: unrar
Architecture: source amd64
Version: 1:5.2.7-0.1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Martin Meredith <m...@debian.org>
Changed-By: Felix Geyer <fge...@debian.org>
Description:
 unrar      - Unarchiver for .rar files (non-free version)
Closes: 865461
Changes:
 unrar-nonfree (1:5.2.7-0.1+deb8u1) jessie; urgency=medium
 .
   * Add bound checks for VMSF_DELTA, VMSF_RGB and VMSF_AUDIO parameters.
     - Backported from 5.5.5
     - CVE-2012-6706
     - Closes: #865461

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
