Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-250-1 libclamunrar

Debian Security Advisory

DLA-250-1 libclamunrar -- LTS security update

Date Reported:

19 Jun 2015

Affected Packages:

libclamunrar

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 770647.

More information:

Upstream published version 0.98.5. This update updates sqeeze-lts to the latest upstream release in line with the approach used for other Debian releases.

This update corrects a double-free error that existed within the "unrar_extract_next_prepare()" function (libclamunrar_iface/unrar_iface.c) when parsing a RAR file. While no CVE was assigned, this issue does have potential security implications.

If you use libclamunrar, we strongly recommend that you upgrade to this version.