oss-sec mailing list archives

Re: Heap overflow and DoS in unzip 6.0


From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Tue, 15 Sep 2015 13:50:31 -0300

2015-09-15 13:38 GMT-03:00 Hanno Böck <hanno () hboeck de>:

On Tue, 15 Sep 2015 13:10:17 -0300
Gustavo Grieco <gustavo.grieco () gmail com> wrote:

AFAIK, upstream is still working on the heap overflow issue (the DoS
is fixed in the last unzip beta). In concrete, they said:

Actually talking about upstream: The state of the info-zip packages is
pretty dismal.


There are issues from 2009(!) that haven't seen a fix yet, at least
not in a release:
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=267

Are you in contact with upstream?


I contacted them a few months ago regarding these issues using this web form:
http://www.info-zip.org/zip-bug.html
They were very fast and friendly answering.



--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

