CVE-2022-30333 (unrar file write vulnerability) patch not yet available for Ubuntu packages
Stefano Rivera
stefanor at ubuntu.com
Wed May 11 21:46:01 UTC 2022
Hi Simon (2022.05.11_05:03:38_+0000)
> The vulnerability has been patched in RarLab's upstream version 6.12 (
> https://www.rarlab.com/download.htm ).
As I understand it, that corresponds to 1:6.1.7 in Debian/Ubuntu.
See: https://security-tracker.debian.org/tracker/CVE-2022-30333
That is making its way into Kinetic:
https://launchpad.net/ubuntu/+source/unrar-nonfree
The security team hasn't triaged it yet for other releases:
https://ubuntu.com/security/CVE-2022-30333
SR
--
Stefano Rivera
http://tumbleweed.org.za/
+1 415 683 3272
More information about the Ubuntu-motu
mailing list