oss-sec mailing list archives
Re: Heap overflow and DoS in unzip 6.0
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Tue, 15 Sep 2015 13:50:31 -0300
2015-09-15 13:38 GMT-03:00 Hanno Böck <hanno () hboeck de>:
On Tue, 15 Sep 2015 13:10:17 -0300 Gustavo Grieco <gustavo.grieco () gmail com> wrote:AFAIK, upstream is still working on the heap overflow issue (the DoS is fixed in the last unzip beta). In concrete, they said:Actually talking about upstream: The state of the info-zip packages is pretty dismal.
There are issues from 2009(!) that haven't seen a fix yet, at least not in a release: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=267 Are you in contact with upstream?
I contact them a few months ago regarding these issues using this web form: http://www.info-zip.org/zip-bug.html They were very fast and friendly answering.
-- Hanno Böck http://hboeck.de/ mail/jabber: hanno () hboeck de GPG: BBB51E42
Current thread:
- Heap overflow and DoS in unzip 6.0 Gustavo Grieco (Sep 07)
- Re: Heap overflow and DoS in unzip 6.0 Stefan Cornelius (Sep 15)
- Re: Heap overflow and DoS in unzip 6.0 Gustavo Grieco (Sep 15)
- Re: Heap overflow and DoS in unzip 6.0 Hanno Böck (Sep 15)
- Re: Heap overflow and DoS in unzip 6.0 Gustavo Grieco (Sep 15)
- Re: Heap overflow and DoS in unzip 6.0 Mark Felder (Sep 17)
- Re: Heap overflow and DoS in unzip 6.0 Stefan Cornelius (Sep 21)
- Re: Heap overflow and DoS in unzip 6.0 Gustavo Grieco (Sep 15)
- Re: Heap overflow and DoS in unzip 6.0 Stefan Cornelius (Sep 15)