Bug#1051232: bookworm-pu: package 7zip/23.01+dfsg-3~deb12u1
Hello,
> What are the isolated fixes for CVE-2023-40481 and CVE-2023-31102, is there some
> kind of public upstream VCS or can you ask upstream about it?
CVE site is not disclose info about this issue yet, but Zero Day
Initiative already disclose this issue.
> CVE-2023-31102: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/
> CVE-2023-40481: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
In Zero Day Initiative report, they shows the fixes about these issues.
> ADDITIONAL DETAILS 7-Zip has issued an update to correct this vulnerability. More details can be found at: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/
Updated 7-Zip 23.00beta is released in this sourceforge link.
I want to upload 7-Zip 23.01 to Debian because 23.01 is non-beta version.
--
YOKOTA Hiroshi
Reply to: