127587 – unace: looks like the winrar vulnerabilities affect us too

Bug 127587 - unace: looks like the winrar vulnerabilities affect us too

Summary: unace: looks like the winrar vulnerabilities affect us too

Status:	RESOLVED INVALID

Alias:	None

Product:	SUSE Linux 10.1
Classification:	openSUSE
Component:	Other (show other bugs)
Version:	unspecified
Hardware:	Other All

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Klaus Singvogel
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2005-10-11 15:51 UTC by Thomas Biege
Modified:	2005-10-12 15:21 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Other
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Biege 2005-10-11 15:51:34 UTC

Hi,
please have a look at: http://www.rarlabs.com/rarnew.htm

The author addresses two security related bugs that may affect unrar too.
Can you please check?

Thanks.

Comment 1 Ladislav Michnovic 2005-10-11 17:05:59 UTC

Unrar unpack only rar archives, the bug fixes handling with ACE and UUE/XXE
archives.

Comment 2 Thomas Biege 2005-10-11 17:10:11 UTC

Ah sorry get it wrong.

Comment 3 Ladislav Michnovic 2005-10-11 17:29:44 UTC

I think the problem is in winrar program. But I'll take a closer look.

Comment 4 Ladislav Michnovic 2005-10-12 10:49:06 UTC

Security team: Can you please submit your opininon?

Comment 5 Marcus Meissner 2005-10-12 15:21:29 UTC

i confused unace / unrar too... unace is binary only software and might have 
more flaws. 
 
lets close it as not affected