Author: luk Date: 2007-12-30 18:08:37 +0000 (Sun, 30 Dec 2007) New Revision: 7769 Modified: data/CVE/list Log: unrar-nonfree fixed in (oldstable-)proposed-updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-30 15:38:26 UTC (rev 7768) +++ data/CVE/list 2007-12-30 18:08:37 UTC (rev 7769) @@ -14962,8 +14962,8 @@ [sarge] - rar <no-dsa> (Non-free) [etch] - rar <no-dsa> (Non-free) - unrar-nonfree 1:3.7.3-1 (high; bug #410580) - [sarge] - unrar-nonfree <no-dsa> (Non-free) - [etch] - unrar-nonfree <no-dsa> (Non-free) + [sarge] - unrar-nonfree 1:3.5.2-0.2 + [etch] - unrar-nonfree 1:3.5.4-1.1 NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-", NOTE: which probably turns this into remote code execution NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration