-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 20 Aug 2023 09:58:26 +0200 Source: unrar-nonfree Architecture: source Version: 1:6.0.3-1+deb11u2 Distribution: bullseye Urgency: high Maintainer: UnRar maintainer team <team+unrar-nonfree@tracker.debian.org> Changed-By: Markus Koschany <apo@debian.org> Closes: 1050080 Changes: unrar-nonfree (1:6.0.3-1+deb11u2) bullseye; urgency=high . * Non maintainer upload. * Fix CVE-2022-48579: It was discovered that UnRAR, an unarchiver for rar files, allows extraction of files outside of the destination folder via symlink chains. (Closes: #1050080) Checksums-Sha1: 1cc1e5f1587b3ee92df1a9d2c871cf725080a847 2461 unrar-nonfree_6.0.3-1+deb11u2.dsc e7be8cc14a71af3a7e7c624ae52a49d4c9276e4f 15644 unrar-nonfree_6.0.3-1+deb11u2.debian.tar.xz 71fc93815a11251d2114f36b4892c910ef9b0ca0 7700 unrar-nonfree_6.0.3-1+deb11u2_amd64.buildinfo Checksums-Sha256: 0651fcb8fb3fdb999ee1e9fa51156b5217d2edebc938a1bcc4380b10befe02cc 2461 unrar-nonfree_6.0.3-1+deb11u2.dsc aee9fde56d9258679331b0a6779a520ac931e154721e54b211b7aba537816194 15644 unrar-nonfree_6.0.3-1+deb11u2.debian.tar.xz 1396a17e05bd6c8f0f63b618d28539a4cedaed7a0a498df350ecc72d17b9c32f 7700 unrar-nonfree_6.0.3-1+deb11u2_amd64.buildinfo Files: 9a195adf4f2514edaaa42ce4b81bd0ef 2461 non-free/utils optional unrar-nonfree_6.0.3-1+deb11u2.dsc 1c3b7df33ef168c2fae3fd1b89d9bbb5 15644 non-free/utils optional unrar-nonfree_6.0.3-1+deb11u2.debian.tar.xz 8bce04442cb3467015bb47fb365a6e63 7700 non-free/utils optional unrar-nonfree_6.0.3-1+deb11u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmThyOhfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkeDUQAM3rOl6vIxiRY9PR9S9izVcZpoZRHj0UFsPI COlREYffAYY5Yb55ePevkzHbs8+fO14gshlLrQf/82e8VICchhRQScVIudsHCuke MdTJA2QcTDqj07TbcdmWmZ/rc0UBhd0v1PG8Lq0OQemnCKYk7eBKWI/GrUDUnhP9 zUi74otwMG+3KtcrR3BTE56iBT11DWudS3JW2fmtcBpfoIOw7eeBKChxLJetT2MT QAwExD/ypXdI66TjknX9LCXiwUQ6dEEQKVU4Ex7ZEFQLNal2cCDck74+kX5oIuBC wMGSJwvj4czjDy+LB/3mELq4yB2awReEL64GhI2udMv7NHl6y2FJp9I9+uG2cAex u0kQC9ZEJN1Jtas+Av5F2IKI+OnWUK23+mL67ZshrF81Fl9JPr70JrNmYAI3pRNO GbMBVT0e6NID1zb78iw7O5u/m0/LlQTIylvtw547gQ8+60wSfaki5vq674WX6FBs ejK4iKb/FtlkcbUE2aqwa8ZIQqR7FS4F50Zz9FYfiyC1J9iHRPsCEbXGnArC1WZ0 4R8NJqRSlCzeHcfabpAJpB6OKuikwryV++1/4GOT0EQZMbi2JLF8mJXS+2mCj+r0 frB0Xoo5zHrx2JNS8ER2rUuEHCpYS4WARlc5NLP1Qd30BD+lf/+jtZUWYLea1aeS Zww21RdG =CNaY -----END PGP SIGNATURE-----