> My mail was really just about the missing entry in the security > tracker, as this CVE is now quite "famous" and people may look it up > there (at the security tracker) and be unsure whether or not it is > already fixed (which it is), especially since the changelog.Debian > contains as of now the ZDI-number only, and not the CVE)
Add note about CVE-2023-40477 to changelog in Debian unstable Git repository. https://github.com/debian-calibre/unrar-nonfree/blob/d32cc60a161bf34b46b674fcef053939cc45851a/debian/changelog#L15 > ZDI-23-1152 is also filed as CVE-2023-40477 . > https://www.cve.org/CVERecord?id=CVE-2023-40477 -- YOKOTA Hiroshi
