[Bug 84657] Re: Security update for rar/unrar (CVE-2007-0855)
Martin Meredith
ubuntu at sourceguru.net
Fri Feb 16 03:21:05 GMT 2007
Yeah, I just realised about the patch myself... need to pull in changes
in rardefs.hpp and strfn.{cpp,hpp} too
On Thu, 2007-02-15 at 18:51 +0000, Kees Cook wrote:
> For unrar-nonfree, the patches don't apply to earlier versions. :(
>
> consio.cpp: In function 'void GetPasswordText(char*, int)':
> consio.cpp:125: error: 'strncpyz' was not declared in this scope
> consio.cpp: In function 'bool GetPassword(PASSWORD_TYPE, const char*, char*, int)':
> consio.cpp:171: error: 'ASIZE' was not declared in this scope
>
> For the rar package, it looks like a good bit of time will be needed to
> do all the orig.tar.gz's, etc. At the moment, I don't have time to get
> these sorted out. If someone can generate (tested) debdiffs for each of
> the stable releases, I can get them uploaded.
>
>
> ** Changed in: rar (Ubuntu Breezy)
> Status: Unconfirmed => Confirmed
>
> ** Changed in: rar (Ubuntu Dapper)
> Status: Unconfirmed => Confirmed
>
> ** Changed in: rar (Ubuntu Edgy)
> Status: Unconfirmed => Confirmed
>
> ** Changed in: unrar-nonfree (Ubuntu Feisty)
> Assignee: (unassigned) => Martin Meredith
> Status: Fix Committed => Fix Released
>
> ** Changed in: rar (Ubuntu Feisty)
> Assignee: (unassigned) => Martin Meredith
>
> ** Changed in: unrar-nonfree (Ubuntu Breezy)
> Status: Unconfirmed => Confirmed
>
> ** Changed in: unrar-nonfree (Ubuntu Dapper)
> Status: Unconfirmed => Fix Released
>
> ** Changed in: unrar-nonfree (Ubuntu Dapper)
> Status: Fix Released => Confirmed
>
> ** Changed in: unrar-nonfree (Ubuntu Edgy)
> Status: Unconfirmed => Confirmed
>
--
Security update for rar/unrar (CVE-2007-0855)
https://launchpad.net/bugs/84657
More information about the ubuntu-archive
mailing list