Accepted unrar-nonfree 1:5.6.6-1+deb10u2 (source) into oldoldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted unrar-nonfree 1:5.6.6-1+deb10u2 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 15 Aug 2023 22:20:28 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: unrar-nonfree_5.6.6-1+deb10u2_source.changes
- Debian-source: unrar-nonfree
- Debian-suite: oldoldstable
- Debian-version: 1:5.6.6-1+deb10u2
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=7jEBNVqKucZ+qn9qfXZyb5nAZT2EHg/+/tViFOoMFyk=; b=Tfj+EfF0jeBR2ZojigaIsUiKaQ +0pkT7En7oHViJGpHq9iBb7CjrGHdHJ0jIqVZGg0D7e2dlsvgUc2XzUqFlnwEbVVH5WU0YLr0pDK0 E37u6fkZ3Llrt93j2PC+gl+N3BOCvfxF/ZFYs0A5XYQ2524AKPp+Q8ChNr8879eCaevzrm3cT/Fpb 3edoQ+o4/oCjZ1gKiAbBUObBCSpArWAWKJk7PYtJMx/g8MpiTc5wOGXTw5SZ9NiohTx3O5nfXsvBs +DfRa8TrjUET5FaEE5AAp0+pqIMO0YsIJFTb4K/EqZxDmqLd0esNGHl2geAsm0wLsJYAfXyGayQdx gRHXvSUg==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qW2Oq-00AL1a-VN@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 15 Aug 2023 23:57:10 CEST
Source: unrar-nonfree
Architecture: source
Version: 1:5.6.6-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Martin Meredith <mez@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
73430d145e2473cd2e30be51fc8bef351b57e93f 2257 unrar-nonfree_5.6.6-1+deb10u2.dsc
ca508d40553d663414d8d5454cbf4e71aa0ba410 226484 unrar-nonfree_5.6.6.orig.tar.gz
11edc3919625dfef92b9be2f7d17588a0b99f7d9 12572 unrar-nonfree_5.6.6-1+deb10u2.debian.tar.xz
dd3277063041e362987ae9dfe2821f1fd3495807 6314 unrar-nonfree_5.6.6-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
10a14bfbdb7335a12349132e9c4a3965daf3c3e132122fa201ae20297f39dbb2 2257 unrar-nonfree_5.6.6-1+deb10u2.dsc
5dbdd3cff955c4bc54dd50bf58120af7cb30dec0763a79ffff350f26f96c4430 226484 unrar-nonfree_5.6.6.orig.tar.gz
fc1d2f2407428d34530eb3898244e9f184e4a1fe11265ecc6f48292f18b2abc4 12572 unrar-nonfree_5.6.6-1+deb10u2.debian.tar.xz
768081601c8407065383ba106031e981bd69de2889657428d02abed3f8e9d2cd 6314 unrar-nonfree_5.6.6-1+deb10u2_amd64.buildinfo
Changes:
unrar-nonfree (1:5.6.6-1+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2022-48579:
It was discovered that UnRAR, an unarchiver for rar files, allows
extraction of files outside of the destination folder via symlink chains.
Files:
046bd9cf51f89d55050546153fca2f9b 2257 non-free/utils optional unrar-nonfree_5.6.6-1+deb10u2.dsc
f54fdf142f0981ae1840a32fc9220e45 226484 non-free/utils optional unrar-nonfree_5.6.6.orig.tar.gz
ce648ff7f23d9b3a540331b56017546c 12572 non-free/utils optional unrar-nonfree_5.6.6-1+deb10u2.debian.tar.xz
229adafb82da3e83b3d7d59a1f44cd40 6314 non-free/utils optional unrar-nonfree_5.6.6-1+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmTb9ZhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk0MgQAMKtouHekydQ35zASq3/45Or8T2LaDdR3vQf
QIC3DC5qG4ZdWMmSnGhuWCNorG1x74JNJu7o7Jobg/ogaFWu/jTN0HVz5gXXOSsr
2PJEbaw6qN7RmVJWEgWkZaOCCSFa9W2uo6dZQcdx2SENCpSFJZQcdmlPD6HkVPey
IxwtgfiQXj4Tsn+7N91mdq/lxK634sRU311yQzq8DJFsmySzhMVE59eTeMTwpegk
6foX2C/QrabkqCLkIQjmk9Gb/F3G8kCa4jcQJRxhpITL/RhhDgHFjwBV0/GrcFxo
uc3sJo5oFP/C5jHhCkHjfbE4VyyiX9ERdWRg3rEVK40enn2hun7i02niQ8NNx8FJ
a1mU50fXf7HBxR5Am2NxBE2K988N9n/fDgACXUH6m+xa5p+hf6AV3eLRlMjflWaZ
jb4gQNWOjQeBMavF1tv+pxbu3WtzJ0JwLacH9yqzyrV1kRuzazN+iIlUWj3wJYtY
CskXGws8Fry1fbsRloLcyaZMYXBppX8Te9DoVFWCA/aW21F9LNU7JNLPpS04ykhk
W6DxDY8UTE0Q+HYuCyhKzVFrayA6rQ4fs45Y/WFT2wg8dNPP7O8yoVFUUrSV/R/t
mbINLgbULlAS2tXjY7it4Bsz9gbgf/qfV2w/khJgNJxAvROEIxjDqPnr647b3rWP
WVkkbbmH
=42zl
-----END PGP SIGNATURE-----