Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 Sep 2015 18:38:42 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Heap overflow and DoS in unzip 6.0

On Tue, 15 Sep 2015 13:10:17 -0300
Gustavo Grieco <gustavo.grieco@...il.com> wrote:

> AFAIK, upstream is still working on the heap overflow issue (the DoS
> is fixed in the last unzip beta). In concrete, they said:

Actually talking about upstream: The state of the info-zip packages is
pretty dismal.

There are issues from 2009(!) that haven't seen a fix yet, at least
not in a release:
http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=267

Are you in contact with upstream?

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ