It was reported that arj is crashing on a crafted ARJ file due to free() call on an invalid pointer: https://bugs.debian.org/774015#11 CVE assignment: http://seclists.org/oss-sec/2015/q1/1035 Patch: http://git.hadrons.org/gitweb/?p=debian/pkgs/arj.git;a=blob_plain;f=debian/patches/security-afl.patch
Created arj tracking bugs for this issue: Affects: fedora-all [bug 1207181] Affects: epel-all [bug 1207182]
this bug points to the same debian bts link in bug 1196751, so maybe is a duplicate.
Yes, this is a duplicate.
arj-3.10.22-22.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
arj-3.10.22-22.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
arj-3.10.22-22.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
arj-3.10.22-22.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
arj-3.10.22-22.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.