oss-sec mailing list archives
Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip
From: Timo Warns <warns () pre-sense de>
Date: Thu, 29 Mar 2012 15:29:33 +0200
I just realized that only libzip 0.10 is affected by these vulnerabilities, but not older versions of libzip. Stefan Cornelius has identified the precise commits that introduced the vulnerabilities: https://bugzilla.redhat.com/show_bug.cgi?id=802564 https://bugzilla.redhat.com/show_bug.cgi?id=803028 As PHP and zipruby include older versions of libzip, they are not affected by the issues. Cheers, Timo
Current thread:
- CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 21)
- Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip Timo Warns (Mar 29)