LHa for UNIX is built from an old vulnerable source

The formula for lha seems to use a deprecated version of the source (1.14i-ac20050924p1). Koji Arai (the maintainer of LHa for UNIX) states on his Japanese page (https://lha.osdn.jp/): “Warning: ver. 1.14i-ac20050924p1 contains a vulnerability. Use the latest source code from the GitHub repository.” The latest version on GitHub is: 1.14i-ac20081023.7c3cd95

1 Like

You can find out how to do this here: https://docs.brew.sh/Updating-Software-in-Homebrew

1 Like