oss-sec mailing list archives

Re: more unzip issues


From: Alexander Cherepanov <cherepan () mccme ru>
Date: Mon, 03 Nov 2014 15:35:19 +0300

On 2014-11-03 14:14, Hanno Böck wrote:
Surfing the upstream forum I saw that there are two further buffer
overflows which didn't get a release yet:
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=437
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=267
(these two seem to refer to the same issue)
Also here:
https://bugzilla.redhat.com/show_bug.cgi?id=532380
http://bugs.debian.org/744212

And this one:
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=432


Should they get CVEs?

(I was kind of surprised that on my Gentoo system the samples crashed
although these issues were several months old)

https://bugzilla.redhat.com/show_bug.cgi?id=532380 is from 2009.

--
Alexander Cherepanov

