[Buildroot] [PATCH] unrar: security bump to version 5.5.8

Peter Korsgaard peter at korsgaard.com
Fri Sep 8 09:15:28 UTC 2017


>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:

 > Fixes the following security issues:
 > CVE-2017-12938 - UnRAR before 5.5.7 allows remote attackers to bypass a
 > directory-traversal protection mechanism via vectors involving a symlink to
 > the . directory, a symlink to the .. directory, and a regular file.

 > CVE-2017-12940 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
 > in the EncodeFileName::Decode call within the Archive::ReadHeader15
 > function.

 > CVE-2017-12941 - libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read
 > in the Unpack::Unpack20 function.

 > CVE-2017-12942 - libunrar.a in UnRAR before 5.5.7 has a buffer overflow in
 > the Unpack::LongLZ function.

 > For more details, see
 > http://www.openwall.com/lists/oss-security/2017/08/14/3

 > While we're at it, add a hash for the license file.

 > Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list