Bug 127587

Summary: unace: looks like the winrar vulnerabilities affect us too
Product: [openSUSE] SUSE Linux 10.1 Reporter: Thomas Biege <thomas>
Component: OtherAssignee: Klaus Singvogel <kssingvo>
Status: RESOLVED INVALID QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Thomas Biege 2005-10-11 15:51:34 UTC 
Hi,
please have a look at: http://www.rarlabs.com/rarnew.htm

The author addresses two security related bugs that may affect unrar too.
Can you please check?

Thanks.
Comment 1 Ladislav Michnovic 2005-10-11 17:05:59 UTC 
Unrar unpack only rar archives, the bug fixes handling with ACE and UUE/XXE
archives.
Comment 2 Thomas Biege 2005-10-11 17:10:11 UTC 
Ah sorry get it wrong.
Comment 3 Ladislav Michnovic 2005-10-11 17:29:44 UTC 
I think the problem is in winrar program. But I'll take a closer look.
Comment 4 Ladislav Michnovic 2005-10-12 10:49:06 UTC 
Security team: Can you please submit your opininon?
Comment 5 Marcus Meissner 2005-10-12 15:21:29 UTC 
i confused unace / unrar too... unace is binary only software and might have 
more flaws. 
 
lets close it as not affected