Created attachment 221715
Patch to archivers/p7zip-codec-rar
Apply patch obtained from Debian to fix the CVE-2018-10115 vulnerability in the p7zip rar codec handler.
This requires renaming files/patch-CVE-2018-5996 by prepending a zero to the number since 10115 depends upon the prior patch being applied first.
Thanks, Sean. This was tracked in a previous bug that ended up being wrongly closed a while ago. I remember working on this a couple of years ago but ended up not going as far as landing anything.
I'm marking this as a duplicate of the original bug to center the discussion in one place: can you take a look at https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=228239#c4 and the patch I posted to Debian? If I'm reading my own comments correctly this should allow us to drop the patch for CVE-2018-5996 altogether, but I really don't remember much about this anymore.
*** This bug has been marked as a duplicate of bug 228239 ***