Date: Wed, 11 Feb 2015 06:42:21 -0600 (CST)
From: "Steven M. Schweda" <sms@...inode.info>
To: mancha1@...o.com, OSS-SECURITY@...ts.openwall.com, CVE-ASSIGN@...re.org,
	THOGER@...hat.com
Cc: Info-ZIP-Dev@...tley.com
Subject: Re: CVE Request: Info-ZIP unzip 6.0

From: mancha <mancha1@...o.com>

> I've removed the buggy patch from sf and replaced it with:
> 
> http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow3.diff

   Also changed:

      http://antinode.info/ftp/info-zip/unzip60/extract.c

2253c2253,2254
<     if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize))
---
>     if ((eb_compr_method == STORED) &&
>      (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
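
Review bot: the right-hand side of the new comparison, compr_offset + EB_CMPRHEADLEN + eb_ucsize, is a sum that can wrap if eb_ucsize comes from the archive and is close to the maximum of its type. A wrapped total could then equal eb_size, and a STORED block with an inconsistent uncompressed size would pass the check. The operand types are not visible in this hunk, so this needs confirming against the declarations. A form that cannot wrap is to require eb_size >= compr_offset + EB_CMPRHEADLEN first and then compare eb_size - compr_offset - EB_CMPRHEADLEN with eb_ucsize. A short comment saying why EB_CMPRHEADLEN is now counted would also help, and the continuation line should be aligned with the opening parenthesis.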

------------------------------------------------------------------------

   Steven M. Schweda               sms@...inode-info
   382 South Warwick Street        (+1) 651-699-9818
   Saint Paul  MN  55105-2547
