This should be fixed in 5.21 upstream:
+ Version 5.21
+
+ 1. While previous versions could produce RAR5 volumes of slightly
+ smaller than requested size sometimes, such situation is less
+ likely now. In most cases volume size equals to specified by user.
+
+ 2. Now by default RAR
This has been passed on upstream, with no responses as it should have been
marked.
On 27 Dec 2016 3:21 p.m., "Moritz Mühlenhoff" wrote:
> On Mon, Dec 29, 2014 at 10:29:28PM +0100, Jakub Wilk wrote:
> > Package: rar
> > Version: 2:4.2.0-1
> > Tags: security
> >
> > RAR follows symlinks when unpac
On Mon, Dec 29, 2014 at 10:29:28PM +0100, Jakub Wilk wrote:
> Package: rar
> Version: 2:4.2.0-1
> Tags: security
>
> RAR follows symlinks when unpacking stuff, even the symlinks that were
> created during the same unpack process.
> It is therefore possible to create a malicious RAR archive that wi
Package: rar
Version: 2:4.2.0-1
Tags: security
RAR follows symlinks when unpacking stuff, even the symlinks that were
created during the same unpack process.
It is therefore possible to create a malicious RAR archive that will be
unpacked into arbitrary directory outside cwd.
Proof of concept
4 matches
Mail list logo