new rar, darktable, photoflow issues

NFUs
author: Moritz Muehlenhoff <jmm@debian.org> 2021-07-01 11:04:59 +0200
committer: Moritz Muehlenhoff <jmm@debian.org> 2021-07-01 11:04:59 +0200
commit: d7e888e6fbda7920e621e1b8994ede8854d21a9c (patch)
tree: ce9edcc9de29986d8f5f36beea5e34ef3c68edf5 /data/CVE/2017.list
parent: 4b6c2cf4baa7c29776a82642c7721d04735c6c22 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 43269399e7..61febfef6d 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,5 +1,8 @@
 CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
-	TODO: check
+	- unrar-nonfree 1:5.6.6-1
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373
+	NOTE: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml
 CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...)
 	{DLA-2680-1}
 	- nginx 1.13.6-1
author	Moritz Muehlenhoff <jmm@debian.org>	2021-07-01 11:04:59 +0200
committer	Moritz Muehlenhoff <jmm@debian.org>	2021-07-01 11:04:59 +0200
commit	d7e888e6fbda7920e621e1b8994ede8854d21a9c (patch)
tree	ce9edcc9de29986d8f5f36beea5e34ef3c68edf5 /data/CVE/2017.list
parent	4b6c2cf4baa7c29776a82642c7721d04735c6c22 (diff)