CVE-2018-10115 impacts p7zip-rar

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

This bug was fixed in the package p7zip-rar - 16.02-3

---------------
p7zip-rar (16.02-3) unstable; urgency=medium

  * Hopefully fix uninitialized memory access (CVE-2018-10115)
    by applying changes described at
    https://landave.io/files/patch_7zip_CVE-2018-10115.txt
    (closes: #897674, LP: #1768984).
  * debian/control:
    + switch VCS fields to salsa;
    + set Rules-Requires-Root to no;
    + Standards-Version: 4.1.4.
  * debian/copyright: add a short comment explaining why this package
    is non-free (lintian).

 -- Robert Luberda <email address hidden> Wed, 30 May 2018 09:04:26 +0200

Could 16.02-3 be backported by the security team to bionic 18.04. The debdiff changes are minimal.

@amribrahim1987 if you could please attach a debdiff we can look at trying to sponsor it.

Here is a diff of a no-change backport from Cosmic to Bionic.

Ping!