oss-sec mailing list archives
Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release)
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 23 Oct 2018 20:09:45 +0200
Hi

FTR, three CVEs were assigned by MITRE, whereas one is explicitly marked as DISPUTED, because upstream makes clear in the changelog entry that the chmextract utility is more an example code how to use the library rather than "productised" binaries. Still a CVE was assigned for downstreams using it as such.

Here are the assignments:

CVE-2018-18584: https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
CVE-2018-18585: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
CVE-2018-18586: https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d

Regards,
Salvatore
Current thread:
- Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Hanno Böck (Oct 21)
- Re: Buffer overflow in cabextract/libmspack (Fwd: New cabextract 1.8 and libmspack 0.8 release) Salvatore Bonaccorso (Oct 23)