oss-sec mailing list archives

Re: CVE Request: Info-ZIP unzip 6.0


From: "Steven M. Schweda" <sms () antinode info>
Date: Wed, 11 Feb 2015 06:42:21 -0600 (CST)

From: mancha <mancha1 () zoho com>

I've removed the buggy patch from sf and replaced it with:

http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow3.diff

   Also changed:

      http://antinode.info/ftp/info-zip/unzip60/extract.c

2253c2253,2254
<     if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize))
---
    if ((eb_compr_method == STORED) &&
     (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
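
Review bot: the right-hand side of the new comparison, `compr_offset + EB_CMPRHEADLEN + eb_ucsize`, is a sum that can wrap if these operands are unsigned and eb_ucsize comes from untrusted archive data. A large eb_ucsize could then make the sum equal eb_size, and the STORED size check would pass. The declarations are not visible in this hunk, so the types need confirming. If wrap is possible, check first that eb_size is at least `compr_offset + EB_CMPRHEADLEN`, then compare `eb_size - compr_offset - EB_CMPRHEADLEN` against eb_ucsize. A one-line comment on why EB_CMPRHEADLEN is now counted in the stored size would also help the next reader.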

------------------------------------------------------------------------

   Steven M. Schweda               sms@antinode-info
   382 South Warwick Street        (+1) 651-699-9818
   Saint Paul  MN  55105-2547

