Martin Meredith wrote:
> On Mon, 2007-12-31 at 17:10 +0100, Nico Golde wrote:
>> Hi,
>> the following CVE (Common Vulnerabilities & Exposures) id was
>> published for rar some time ago.
>>
>> CVE-2007-0855[0]:
>> | Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR
>> | and possibly other products, allows user-assisted remote attackers to
>> | execute arbitrary code via a crafted, password-protected archive.
>>
>> Unfortunately the vulnerability described above is not important enough
>> to get it fixed via regular security update in Debian oldstable. It does
>> not warrant a DSA.
>>
>> However it would be nice if this could get fixed via a regular point update.
>> Please contact the release time for this.
>
> Hi there, I'm unsure as to what you want for this.
>
> From what I can tell, you're requesting an update of rar for oldstable?
>
> May I remind you that the only way to fix this in _rar_ for oldstable is
> to update it to at least 3.7 beta 1 of rar, due to it being a binary
> package.

Hmm, it sounds better to remove the package from oldstable and have a note in the Release Notes about it...

Cheers

Luk