Debian alert DLA-1091-1 (unrar-free)

From:
    	     
 
Chris Lamb <lamby@debian.org> 
To:
    	     
 
debian-lts-announce@lists.debian.org 
Subject:
    	     
 
[SECURITY] [DLA 1091-1] unrar-free security update 
Date:
    	     
 
Thu, 07 Sep 2017 16:48:52 +0100
Message-ID:
    	     
 
<1504799332.4061176.1098519440.569D5D55@webmail.messagingengine.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : unrar-free
Version        : 1:0.0.1+cvs20071127-2+deb7u1
CVE ID         : CVE-2017-14120
Debian Bug     : #874059

It was discovered that there was a directory traversal vulnerability in
unrar-free, a unarchiver for .rar files, where pathnames of the form
"../filename" were unpacked into the parent directory.

For Debian 7 "Wheezy", this issue has been fixed in unrar-free version
1:0.0.1+cvs20071127-2+deb7u1.

We recommend that you upgrade your unrar-free packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlmxaksACgkQHpU+J9Qx
Hli2ahAAmCeXgNQ3Sco4aaaYhKErZbLloC+IwZEwTNM35zQ9vxQZRk/8KZoExJiw
ICXz0cc+2O4zcUp/p4NCf7tKrdJOJZUiVn1fknAgiTXJ8kxFStEhDVEuZr84RGp8
IIv0u8BU7kA7FyHJJF1pD3ThSERNas24YYHMWMFY8WINk1Ahhmt4at7RrV6e2Q00
5cevHaSVHchkKE5H7wyD2XscHh96qfOIKoYYHyTxWWV6dZuYDUBn2C4tRXURlMSU
yRWpudAK5I5v7eje2kkNlYS8d0N+u82NDwS54cUoWfv/TJnkme9rWeTtLNxRsutG
wvDkz5g22kAj1lVKfA5O6WyQPrvf4shDkuvestklRk07Giv35Giieicd+y4BnSjr
cuJluah9A8bu2V20RW+ftvmoXX7pVwchBNE71H65QxOXvoJndrohzKP0+mp1V3DS
DWyut+SLcjxcNTkFiMSzbxoE4ILpVg6r4aDIBzkAba5PEFnc1HUBeWVW9nzCF5q1
z+VqiM3xkwl8L4ZL1y8oi8g5auloYqWlyVxfDVavUjmki4Q8y9e67F2W9VgXwjW7
u0yLmYeAKY7aNlcAlD8CR+EsxtHNL0y5+CqPFyw0/sZy0IwrGnz0GRhV8ShE4S8S
PPPV4Ct1cfWSwMZDwSfu4ExN5ueNpaALWj5rUjHcLyFxKGKoQLg=
=ZZDp
-----END PGP SIGNATURE-----