-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 05 Jul 2017 22:22:00 +0100 Source: libclamunrar Binary: libclamunrar7 Architecture: source amd64 Version: 0.99-0+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: libclamunrar7 - anti-virus utility for Unix - unrar support Closes: 867223 Changes: libclamunrar (0.99-0+deb7u2) wheezy-security; urgency=high . * CVE-2012-6706: Prevent an arbitrary code execution issue; this was caused by an integer overflow resulting in a negative value of the DestPos variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. (Closes: #867223) * Fix four other unaligned access patches as suggested by the package maintainer. Checksums-Sha1: 4c43da6e03d6d66792c7713f3ab46784c657d3e4 2159 libclamunrar_0.99-0+deb7u2.dsc 3299e943affefb7a1aea0cada292f1c4ec039aed 311248 libclamunrar_0.99.orig.tar.xz c6e234f666832ed62c7e9608fafed9a4a35c99cf 9708 libclamunrar_0.99-0+deb7u2.debian.tar.gz 94930fcf3ed8c855e809b7e91fb0ac72e7c94126 38216 libclamunrar7_0.99-0+deb7u2_amd64.deb Checksums-Sha256: 51377929f00ce85b4039628c18ac4a700bc4c762c76c5c9dd2511d314b1180c9 2159 libclamunrar_0.99-0+deb7u2.dsc 57db66f56d0b1fcc538b2de0b7de3ae77a014e77b7236d6aee80c9c4561b915f 311248 libclamunrar_0.99.orig.tar.xz d837665b3d9b1309ecd01a9a939f445c892ea0bde93e2b1a9910954c15890e3e 9708 libclamunrar_0.99-0+deb7u2.debian.tar.gz edbed97d1ae49e2ed9add455c28fdc18516459c24e78e148a9be91b6e7787764 38216 libclamunrar7_0.99-0+deb7u2_amd64.deb Files: e813dcaba8191c1590f858b65ee00fcc 2159 non-free/libs extra libclamunrar_0.99-0+deb7u2.dsc 6b1a9739345aff4560b0e6d03d3411be 311248 non-free/libs extra libclamunrar_0.99.orig.tar.xz e20bcd1dadea2565e79bb5140cc38c11 9708 non-free/libs extra libclamunrar_0.99-0+deb7u2.debian.tar.gz 9742650e8e838f20e841641a1a02abe2 38216 non-free/libs extra libclamunrar7_0.99-0+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlldWmsACgkQHpU+J9Qx HliuRRAAvVDpwK+l05GgTxdrgGZUjmDGPga6bZELQGH7cJBQMSaMtj/twzkoflT0 MaZ+iCx5G3IYTv6WdIl6KaJgjdgjLpGCgUu4ws1do6Nd8LmMXy10+bMTdxHnSTPU yAC5PVCTgZ+iHncVBEViobRIT1r4c0DfO7FZ6tQ82XoBfn9CZqFBSjmd33IYqf53 rTKZ02qIiUfkOpm5yjycCmMgHEf/82NGVodymZw33YXHjs6u4PSOy5wSCud1sOsi 6A+slWqQQv1KICKaXm/EW/qpIeQW3RzHP7fheifIf7EnJx2KYB+/RJbLy01PwGMz SyiHfEYOjauHX7x+W4Krog0neFBU+OLuM+wkjb6VDNDljrcmKG5CTcVUO7t7tn31 4mhWHwl0uzw2dwai6qzOUQcROl326/L8yZi+IoDpKntgoP+upB0UtFVe4V3yzFIZ /stgxvwGoYPm7+ZYufZiJMYkhjGfJgpkQTzb+gzPDLBsqYt0cLfgNCAAjPYUAKFA i+ZPE4JdDgbPMcmEMLTp3ehbeqAX4/yxjgWzR+86rhNc9IIINSgfw7FhpPpfhnb+ 1amLUKL93ztG9/8O6Vk4Joth/ZPDQLbEKhpzXodq4/2aRjzd6Q5U4i+ZIWZEMTMY 5hjpgggIArtnqwxhcIrpkOpOn3IiaWiH81aJBPAG09ZO+3G/DTs= =tpQn -----END PGP SIGNATURE-----