new rar, darktable, photoflow issues

NFUs
author: Moritz Muehlenhoff <jmm@debian.org> 2021-07-01 11:04:59 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-07-01 11:04:59 +0200
commit: 378bfbbc9c6c21123173507a6fba90e9d253ecb8 (patch)
tree: 712a9b92c6d137e243ae954a64a13668aef871bc /data/CVE/list.2017
parent: 475386979bd89436fea474e6daa314cc70930366 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017
index 43269399e7..61febfef6d 100644
--- a/data/CVE/list.2017
+++ b/data/CVE/list.2017
@@ -1,5 +1,8 @@
 CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
-	TODO: check
+	- unrar-nonfree 1:5.6.6-1
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373
+	NOTE: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml
 CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...)
 	{DLA-2680-1}
 	- nginx 1.13.6-1
author	Moritz Muehlenhoff <jmm@debian.org>	2021-07-01 11:04:59 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-07-01 11:04:59 +0200
commit	378bfbbc9c6c21123173507a6fba90e9d253ecb8 (patch)
tree	712a9b92c6d137e243ae954a64a13668aef871bc /data/CVE/list.2017
parent	475386979bd89436fea474e6daa314cc70930366 (diff)