Format: 1.8
Date: Thu, 17 Aug 2023 10:58:05 CEST
Source: rar
Binary: rar
Architecture: source amd64
Version: 2:6.20-0.1~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Martin Meredith <mez@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 rar - Archiver for .rar files
Changes:
 rar (2:6.20-0.1~deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2022-30333: The RAR archiver allows directory traversal to write to
     files during an extract (aka unpack) operation, as demonstrated by creating
     a ~/.ssh/authorized_keys file.