Accepted unrar-nonfree 1:5.6.6-1+deb10u4 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted unrar-nonfree 1:5.6.6-1+deb10u4 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 26 Aug 2023 19:40:20 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: unrar-nonfree_5.6.6-1+deb10u4_source.changes
- Debian-source: unrar-nonfree
- Debian-suite: oldoldstable
- Debian-version: 1:5.6.6-1+deb10u4
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=a7Lbz/kvlr+FY2oBBGKQ2qbob88GAmtWBy4o1QZ/PSA=; b=oXjJX2NhhW7SKscw3WqCg/51Ls DcdMlCEClTlsG17AvEp9mNJuq1c62tVPyQa4f0vU1cCC/Vj8iVLv8YGC3+GgBnOKOpoBeLRhcEagq HnZr35hCRxdKeotuaCz/2Oeur0GycsQBxku75+kHlBTAu2Ih6sao0Po1kXfFFhAK1/chcHpa/NEow 2n/0wxVTbjq4UHJFWz5/rq/5vcjeh+z+MvyFqttsnwktbnpYKB5mehG3QspbfhsuXtKOfoSxr96GY t8bTfImbNyxs+rXIxib4LQ7tRIhzm277e/yJwT4F1w4z5pz5uOrzhe9L1f8Bvl7HGDpIKtZ42r+mW 904Y3ReQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qZz8u-003xtK-JD@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 26 Aug 2023 21:23:41 CEST
Source: unrar-nonfree
Architecture: source
Version: 1:5.6.6-1+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Martin Meredith <mez@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
6dc0a44db904858cf01867114cfbb65bfdb6859b 2257 unrar-nonfree_5.6.6-1+deb10u4.dsc
5fb37d7a4cee9c0efbb1e4bfb2fd1006a381ff99 13880 unrar-nonfree_5.6.6-1+deb10u4.debian.tar.xz
0efeca66bb2c45ed88c15b1f0d9e05675b7be595 6314 unrar-nonfree_5.6.6-1+deb10u4_amd64.buildinfo
Checksums-Sha256:
54491fd01e18a50fb88254d86ba9bc70fa60c22903bff18ee8e63ae04b59cb00 2257 unrar-nonfree_5.6.6-1+deb10u4.dsc
fafaa650b5cb063fe67c37136a30d1781e0fa4fa1ee1cfeeb8781b08e4750371 13880 unrar-nonfree_5.6.6-1+deb10u4.debian.tar.xz
809b6fb20e6595704c3172b1f6a8817f2d48dc41ff3854b897e6b7dffa42a702 6314 unrar-nonfree_5.6.6-1+deb10u4_amd64.buildinfo
Changes:
unrar-nonfree (1:5.6.6-1+deb10u4) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2023-40477:
A specific flaw within the processing of recovery volumes exists in UnRAR,
an unarchiver for rar files. It allows remote attackers to execute
arbitrary code on affected installations. User interaction is required to
exploit this vulnerability. The target must visit a malicious page or open
a malicious rar file.
Files:
c108bb766818e8ccb09004af7ad4628f 2257 non-free/utils optional unrar-nonfree_5.6.6-1+deb10u4.dsc
5552169ddadce61aca303aa91aab7a27 13880 non-free/utils optional unrar-nonfree_5.6.6-1+deb10u4.debian.tar.xz
a992ee7a0bb81a271a074403663a1a0d 6314 non-free/utils optional unrar-nonfree_5.6.6-1+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmTqUVlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkydEQAM9sA1Es+5xy0mpCyy5epHBUvSUnoVM8L3BO
5SIjvkDo9dYaEVS7vurNXxNGrisajwgwVLrgo7TDUccOCfPgABK/eRyMGxx0lvtb
FYfxKUyyEGOwD47qk8UOlKLPyoYfzW3nbNiQq1AvZDdP4CT+pEULLGsM5FdRiTnk
FtAen7l5ClR8yLCXg6YJXcmYE/T2SZ9MWpGTOq/GCXfVnbrn2N5KEJl0LA1OWorm
Xbta3lxwy4i24X2AwgKUeXkUvxciV+0rUVO4eihv4+Q442NCaymorsqfS6v0i9qc
pitBfu0f8aytO2tAth6FZ6T/sm/s0E1QzFSBcNAz5zy24QZNK2lZZENuhCvEQveG
gwZdb9d90gGrVQJnUNe7f69Z2bRo+lRnu1sgF+OYencgESFm12dUV1swA2hav3eJ
w3PoJfXGfYcjyJusZaUYBuKqOVGSakFBUKAXOJOCrmQgecIiC7SHnkcNrkP9Opm5
0/msIs6JJnKA0z2baf6Ps8idAGFHIExSw53B/CjizhYk52pRMbxv7eTsaCw1qDs4
6ZT4m6HAkEzEeTjL4siecDAubZ5saj5Td+OclcEi/mptTnjcF6XyYFQzA5eo8PXg
uQ9NmhKD6Gq5QdNMLjYt3FjlCGSBFSincqvXvvm9W8ccPTKXi1siRmUNZVHZgAis
11dhQx9h
=e5ij
-----END PGP SIGNATURE-----