[Pkg-clamav-devel] Wheezy update of libclamunrar?
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Jul 5 19:38:56 UTC 2017
On 2017-07-05 08:36:28 [+0100], Chris Lamb wrote:
> Dear maintainer(s),
Hi,
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libclamunrar:
> https://security-tracker.debian.org/tracker/source-package/libclamunrar
>
> Would you like to take care of this yourself?
No, sorry.
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
This
https://anonscm.debian.org/cgit/pkg-clamav/libclamunrar.git/tree/debian/patches?h=jessie
points to patches folder I intend to push for Jessie. Wheezy should be
the same thing. The thing in the tracker is
unrar-adding-proposed-changes-to-fix-RAR-VMSF_DELTA-.patch
however I also recommend that you add the other four patches as well
(they are part of Jessie+). This fixes an out-of-band memory access and
upstream did not make a fuss about it.
> Chris Lamb,
> on behalf of the Debian LTS team.
Sebastian
More information about the Pkg-clamav-devel
mailing list