oss-sec mailing list archives
Fw: New cabextract 1.7 and libmspack 0.7 release
From: Hanno Böck <hanno () hboeck de>
Date: Thu, 26 Jul 2018 09:09:36 +0200
Several memory safety bugs fixed, see below. Begin forwarded message: Date: Thu, 26 Jul 2018 00:46:18 +0100 From: Stuart Caie Subject: New cabextract 1.7 and libmspack 0.7 release Hello all, cabextract 1.7 has been released. It fixes a few bugs, an introduces a new "--encoding" option, which is made available if the iconv() function and/or libiconv library are available on your system. It also now tries calling setlocale() (if present) with several possible locales that have a UTF-8 ctype, to allow towlower() (if present) to lowercase non-ASCII characters. cabextract can be downloaded from https://www.cabextract.org.uk/ SHA256 sums: 06d3cdded6519fccff1532f64ab54ce6cc3c7be51bcc6fff0f91092179a9bb26 cabextract-1.7-1.i386.rpm 11570d7e5ba0f46f458b88d76d2f0bdcad3a1266055ea5c8229830be2023e16e cabextract-1.7-1.src.rpm 297203c826c004801ea1b17414f568e7bdf56c3ae9bbaca4d8514e8a56e506bd cabextract-1.7.tar.gz libmspack 0.7alpha has also been released. It fixes several bugs: * bad KWAJ file header extensions could cause a one or two byte overwrite * The character U+0100 in a CHM filename could cause a one-byte overread * libmspack now rejects blank CHM filenames. * Fixed off-by-one error in CHM PMGI/PMGL chunk number validity checks, which could cause a crash by dereferencing uninitialised data beyond the end of the fast_find() chunk cache. libmspack can be downloaded from https://www.cabextract.org.uk/libmspack/ SHA256 sum: 36e0516cdb60617871d396fb85464f440b4ab76942ce6bdd0438ca8d70f32772 libmspack-0.7alpha.tar.gz Regards Stuart -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- Fw: New cabextract 1.7 and libmspack 0.7 release Hanno Böck (Jul 26)
- Re: Fw: New cabextract 1.7 and libmspack 0.7 release Salvatore Bonaccorso (Jul 28)