Package may contain vendored rar library affected by CVE-2023-40477
Bug #2035824 reported by
Paride Legovini
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libclamunrar (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
[Filing https:/
src:libclamunrar adds (un)rar support to clamav, but I don't see a Build-Depends on a rar library, therefor I suspect the package uses a vendored version of the library. This means it may be affected by CVE-2023-40477 independently from the rar or unrar-nonfree packages.
| Changed in libclamunrar (Ubuntu): | |
| status: | New → Confirmed |
To post a comment you must log in.
