oss-sec mailing list archives
Re: CVE Request: Info-ZIP unzip 6.0
From: "Steven M. Schweda" <sms () antinode info>
Date: Wed, 11 Feb 2015 06:42:21 -0600 (CST)
From: mancha <mancha1 () zoho com>
I've removed the buggy patch from sf and replaced it with: http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow3.diff
Also changed: http://antinode.info/ftp/info-zip/unzip60/extract.c 2253c2253,2254 < if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize)) ---
if ((eb_compr_method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
------------------------------------------------------------------------ Steven M. Schweda sms@antinode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547
Current thread:
- Re: CVE Request: Info-ZIP unzip 6.0 mancha (Jan 20)
- Re: CVE Request: Info-ZIP unzip 6.0 cve-assign (Jan 22)
- <Possible follow-ups>
- Re: CVE Request: Info-ZIP unzip 6.0 Tomas Hoger (Feb 10)
- Re: CVE Request: Info-ZIP unzip 6.0 mancha (Feb 11)
- Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda (Feb 10)
- Re: CVE Request: Info-ZIP unzip 6.0 Steven M. Schweda (Feb 11)