[ubuntu/focal-updates] unrar-nonfree 1:5.6.6-2ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Mar 12 18:28:49 UTC 2025
unrar-nonfree (1:5.6.6-2ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue
    - debian/patches/CVE-2022-30333.patch: introduce and use SafeCharToWide
      in ulinks.cpp.
    - CVE-2022-30333
  * SECURITY UPDATE: directory traversal via symlink chains
    - debian/patches/CVE-2022-48579.patch: properly handle symlinks in
      arcread.cpp, extinfo.cpp, extinfo.hpp, extract.cpp, extract.hpp,
      hardlinks.cpp, model.cpp, os.hpp, pathfn.cpp, timefn.hpp, ulinks.cpp,
      win32stm.cpp.
    - CVE-2022-48579
  * SECURITY UPDATE: code exec via recovery volume index validation
    - debian/patches/CVE-2023-40477.patch: improve checks in getbits.cpp,
      pathfn.cpp, recvol3.cpp, secpassword.cpp.
    - CVE-2023-40477
  * SECURITY UPDATE: ANSI escape sequence issue
    - debian/patches/CVE-2024-33899.patch: replace ESC in consio.cpp,
      log.cpp, strfn.cpp, strfn.hpp, resource.cpp, resource.hpp.
    - CVE-2024-33899
Date: 2025-03-07 14:18:11.331133+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/unrar-nonfree/1:5.6.6-2ubuntu0.1
Sorry, changesfile not available.