Date: Tue, 15 Sep 2015 18:38:42 +0200 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Heap overflow and DoS in unzip 6.0 On Tue, 15 Sep 2015 13:10:17 -0300 Gustavo Grieco <gustavo.grieco@...il.com> wrote: > AFAIK, upstream is still working on the heap overflow issue (the DoS > is fixed in the last unzip beta). In concrete, they said: Actually talking about upstream: The state of the info-zip packages is pretty dismal. There are issues from 2009(!) that haven't seen a fix yet, at least not in a release: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=267 Are you in contact with upstream? -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ