CVE-2018-10115 impacts p7zip-rar

Bug #1768984 reported by Adam Logghe
This bug affects 2 people
Affects: p7zip-rar (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Seth Arnold (seth-arnold) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in p7zip-rar (Ubuntu):
status: New → Incomplete
information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package p7zip-rar - 16.02-3

---------------
p7zip-rar (16.02-3) unstable; urgency=medium

  * Hopefully fix uninitialized memory access (CVE-2018-10115)
    by applying changes described at
    https://landave.io/files/patch_7zip_CVE-2018-10115.txt
    (closes: #897674, LP: #1768984).
  * debian/control:
    + switch VCS fields to salsa;
    + set Rules-Requires-Root to no;
    + Standards-Version: 4.1.4.
  * debian/copyright: add a short comment explaining why this package
    is non-free (lintian).

 -- Robert Luberda <email address hidden> Wed, 30 May 2018 09:04:26 +0200

Changed in p7zip-rar (Ubuntu):
status: Incomplete → Fix Released
Simon Quigley (tsimonq2)
tags: added: community-security
Amr Ibrahim (amribrahim1987) wrote :

Could 16.02-3 be backported by the security team to bionic 18.04? The debdiff changes are minimal.

tags: added: bionic
Alex Murray (alexmurray) wrote :

@amribrahim1987 if you could please attach a debdiff we can look at trying to sponsor it.

Amr Ibrahim (amribrahim1987) wrote :

Here is a diff of a no-change backport from Cosmic to Bionic.

Amr Ibrahim (amribrahim1987) wrote :

Ping!
