package: unrar
severity: grave
tags: security
-- Forwarded Message -
From: Simon Scannell
Subject: CVE-2022-30333 (unrar file write vulnerability) patch not yet
available for Debian 10 packages
Date: May 11 2022, at 6:08 am
To: m...@debian.org
Cc: Vulnerability Research Team
>
.0/debian/control rar-5.5.0/debian/control
--- rar-5.5.0/debian/control2017-05-04 04:52:05.0 +0200
+++ rar-5.5.0/debian/control2021-10-13 18:41:25.0 +0200
@@ -4,8 +4,7 @@
Maintainer: Martin Meredith
Build-Depends: debhelper (>= 9)
Standards-Version: 3.9.8
-Homepage: ht
Hi there!
Seems there's a little confusion regarding the "rar" and
"unrar-nonfree" packages.
the "rar" package is basically packaged binaries for rar. This is the
only way that rarlabs provides them - and should be considered the
"source". This is at 5.5.b4 as far as I can see from the watch fil
Someone decided a long time ago that it wasn't "free enough" to be
autobuilt, so took it off the list. I hadnt even thought to remove the tags!
On 7 May 2017 16:36, "Ivo De Decker" wrote:
> Hi Ben,
>
> On Sun, May 07, 2017 at 03:44:14PM +0100, Ben Hutchings wrote:
> > > On Thu, May 04, 2017 at 0
A very good question. I remember building this, I remember signing
and uploading this... I think I even remember sitting around waiting
for the emails for it.
When I get back to my dev machine on Monday, I'll try and remember to
have a look, though I think I recently deleted the files.
If so, I'
I've just pushed a new version of rar to the repo, can you let me know
if this has fixed the issue?
Regarding it crashing, tehre's not much I can do now other than pass
back the issue to the developers... The troubles with non-free :(
Any chance you can run rar with strace or similar to provide a backtrace?
On 7 April 2016 at 20:26, Alexandre Pereira Nunes wrote:
> Package: rar
> Version: 2:5.3.b2-1
> Severity: serious
>
> Rar crashes in all evocations.
>
>
> -- System Information:
> Debian Release: stretch/sid
> APT prefers
On 16/06/10 16:54, Olaf van der Spek wrote:
> Given that 2.1.0rc1 has been released, please package it.
>
An RC is not a stable release,
I'll consult with Derick on this one
signature.asc
Description: OpenPGP digital signature
On Wed, 24 Feb 2010 14:50:33 -0600
Raphael Geissert wrote:
> Hi,
>
> I've prepared and uploaded a 0-day NMU to fix this bug.
> Attached is the diff of the changes.
>
> Cheers,
Cheers!
Was waiting for upstream to get back and fix it there.
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ..
reassign 563437 php-pear
thanks
I've just looked into this, and the reason that it's failing is that
/usr/share/php/doc is a symlink to /usr/share/doc/php-pear/PEAR
/usr/share/doc/php-pear is a symlink to /usr/share/doc/php5-common, which
doesn't include a PEAR directory.
If the symlinks were co
On Thu, Aug 20, 2009 at 11:09:43PM +0200, Ralf Becker wrote:
> Hi all,
>
> I'm one of the admins and the main developer of EGroupware project.
>
> Naturally I'm very interested that EGroupware stays in Debian.
>
> I'm building the projects own rpm packages and since a while also Debian
> package
On Thu, Aug 20, 2009 at 10:56:59PM +0200, Jan Wagner wrote:
> Hi Peter,
>
> On Thursday 20 August 2009, Martin Meredith wrote:
> > On Thu, Aug 20, 2009 at 12:11:29PM +0200, Jan Wagner wrote:
> > > On Wednesday 29 July 2009 10:39:48 Martin Meredith wrote:
> > > &
On Thu, Aug 20, 2009 at 12:11:29PM +0200, Jan Wagner wrote:
> Hi Martin,
>
> On Wednesday 29 July 2009 10:39:48 Martin Meredith wrote:
> > On Wed, Jul 29, 2009 at 09:02:18AM +0200, Thomas Viehmann wrote:
> > > Hi everyone (formerly) interested in egroupware,
> > >
On Wed, Jul 29, 2009 at 09:02:18AM +0200, Thomas Viehmann wrote:
> Hi everyone (formerly) interested in egroupware,
>
> egroupware seems to be in need for attention
>
> #526878
> [egroupware-wiki] egroupware-core sets open_basedir which
> disables hook_config_validate.inc.php (egroupwar
Package: php5-dev
Severity: grave
Noticed when trying to build some PHP stuff yesterday that due to the libtool
transition, the files in /usr/lib/php5/build (ltmain.sh et al) now point to the
wrong place.
They are currently pointing at /usr/share/libtool/*, whereas the files have been
moved to /
On Mon, 2008-12-15 at 18:25 +, Martin Meredith wrote:
> Can you confirm the version of php5-cli installed, and can you also do the
> following
>
> gdb
> attach
> bt full
>
>
> and send the backtrace? (so I can find out where this comes from)
You may need to i
also, what version of libmysqlclient15off have you got installed?
I see you're running mixed/experimental -
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Can you confirm the version of php5-cli installed, and can you also do the
following
gdb
attach
bt full
and send the backtrace? (so I can find out where this comes from)
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
On Mon, 2008-07-28 at 17:19 -0400, Andres Salomon wrote:
> On Sat, 26 Jul 2008 23:05:57 +0100
> Martin Meredith <[EMAIL PROTECTED]> wrote:
>
> > tags 490368 patch
> > thanks
> >
> > Attached is a debdiff for an NMU for yum to fix this issue.
> >
On Sun, 2008-07-27 at 00:14 +0200, Julien Cristau wrote:
> On Sat, Jul 26, 2008 at 23:05:57 +0100, Martin Meredith wrote:
>
> > Please Note: As I've done this properly, and used dpatch to fix this, it
> > will cause lintian errors (as it already does) because of previous
&g
2/debian/changelog
+++ yum-3.2.12/debian/changelog
@@ -1,3 +1,12 @@
+yum (3.2.12-1.2) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Added dpatch rules
+ * Added patch to load correct gpgme module (Closes: #490368)
+ * Changed rules so as to change dependency for python-pyme
+
+ -- Marti
Package: php5-symfony
Version: 1.0.17-1
Severity: critical
This is a bug to hold off symfony from testing, as while the package was
in NEW - 1.1 was released. Making versioned binary packages so that we
can have 1.1 and 1.0 installed alongside each other
signature.asc
Description: This is a digi
Tags: patch
It seems that when libgadu was changed to have it's own package (from
ekg) it started using proper version numbers (see #310276) - As before,
it had been using a date as a version number, it had worked, however,
this split caused the new package to be built with the correct version
inf
23 matches
Mail list logo
