Author: jmm-guest Date: 2007-02-11 22:20:35 +0100 (Sun, 11 Feb 2007) New Revision: 5442 Modified: data/CVE/list Log: rar no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-11 21:12:40 UTC (rev 5441) +++ data/CVE/list 2007-02-11 21:20:35 UTC (rev 5442) @@ -15,7 +15,11 @@ NOT-FOR-US: Trend Micro Anti-Rootkit Common Module CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...) - rar <unfixed> (high) + [sarge] - rar <no-dsa> (Non-free) + [etch] - rar <no-dsa> (Non-free) - unrar-nonfree <unfixed> (high; bug filed) + [sarge] - unrar-nonfree <no-dsa> (Non-free) + [etch] - unrar-nonfree <no-dsa> (Non-free) NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-", NOTE: which probably turns this into remote code execution NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration