Merge commit 'aa3a7cb5bcee7cc0d61e80a9bfed7daeeec89ba3'

author: Repository mirror & CI <repomirrorci@gentoo.org> 2023-09-17 05:46:33 +0000
committer: Repository mirror & CI <repomirrorci@gentoo.org> 2023-09-17 05:46:33 +0000
commit: 2d67f55bf85687b663c8e2138506258a56c8d8c9 (patch)
tree: 50d57bfca51553f92bd3a20ef57fb9d3b9f54e18 /metadata/glsa
parent: Merge updates from master (diff)
parent: [ GLSA 202309-04 ] RAR, UnRAR: Update resolution (diff)
download: gentoo-2d67f55bf85687b663c8e2138506258a56c8d8c9.tar.gz
gentoo-2d67f55bf85687b663c8e2138506258a56c8d8c9.tar.bz2
gentoo-2d67f55bf85687b663c8e2138506258a56c8d8c9.zip
1 files changed, 9 insertions, 7 deletions
diff --git a/metadata/glsa/glsa-202309-04.xml b/metadata/glsa/glsa-202309-04.xml
index 89993eab1461..2e5d9dd4cb1c 100644
--- a/metadata/glsa/glsa-202309-04.xml
+++ b/metadata/glsa/glsa-202309-04.xml
@@ -8,15 +8,16 @@
     <revised count="1">2023-09-17</revised>
     <bug>843611</bug>
     <bug>849686</bug>
+    <bug>912652</bug>
     <access>remote</access>
     <affected>
         <package name="app-arch/rar" auto="yes" arch="*">
-            <unaffected range="ge">6.12</unaffected>
-            <vulnerable range="lt">6.12</vulnerable>
+            <unaffected range="ge">6.23</unaffected>
+            <vulnerable range="lt">6.23</vulnerable>
         </package>
         <package name="app-arch/unrar" auto="yes" arch="*">
-            <unaffected range="ge">6.1.7</unaffected>
-            <vulnerable range="lt">6.1.7</vulnerable>
+            <unaffected range="ge">6.2.10</unaffected>
+            <vulnerable range="lt">6.2.10</vulnerable>
         </package>
     </affected>
     <background>
@@ -36,19 +37,20 @@
         
         <code>
           # emerge --sync
-          # emerge --ask --oneshot --verbose ">=app-arch/rar-6.12"
+          # emerge --ask --oneshot --verbose ">=app-arch/rar-6.23"
         </code>
         
         <p>All UnRAR users should upgrade to the latest version:</p>
         
         <code>
           # emerge --sync
-          # emerge --ask --oneshot --verbose ">=app-arch/unrar-6.1.7"
+          # emerge --ask --oneshot --verbose ">=app-arch/unrar-6.2.10"
         </code>
     </resolution>
     <references>
         <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-30333">CVE-2022-30333</uri>
+        <uri link="https://nvd.nist.gov/vuln/detail/CVE-2023-40477">CVE-2023-40477</uri>
     </references>
     <metadata tag="requester" timestamp="2023-09-17T05:24:38.613653Z">ajak</metadata>
     <metadata tag="submitter" timestamp="2023-09-17T05:24:38.615853Z">sam</metadata>
-</glsa>
-\ No newline at end of file
+</glsa>
author	Repository mirror & CI <repomirrorci@gentoo.org>	2023-09-17 05:46:33 +0000
committer	Repository mirror & CI <repomirrorci@gentoo.org>	2023-09-17 05:46:33 +0000
commit	2d67f55bf85687b663c8e2138506258a56c8d8c9 (patch)
tree	50d57bfca51553f92bd3a20ef57fb9d3b9f54e18 /metadata/glsa
parent	Merge updates from master (diff)
parent	[ GLSA 202309-04 ] RAR, UnRAR: Update resolution (diff)
download	gentoo-2d67f55bf85687b663c8e2138506258a56c8d8c9.tar.gz gentoo-2d67f55bf85687b663c8e2138506258a56c8d8c9.tar.bz2 gentoo-2d67f55bf85687b663c8e2138506258a56c8d8c9.zip