Date: Tue, 15 Sep 2015 13:50:31 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Heap overflow and DoS in unzip 6.0

2015-09-15 13:38 GMT-03:00 Hanno Böck <hanno@...eck.de>:

> On Tue, 15 Sep 2015 13:10:17 -0300
> Gustavo Grieco <gustavo.grieco@...il.com> wrote:
>
> > AFAIK, upstream is still working on the heap overflow issue (the DoS
> > is fixed in the last unzip beta). In concrete, they said:
>
> Actually talking about upstream: The state of the info-zip packages is
> pretty dismal.
>
> There are issues from 2009(!) that haven't seen a fix yet, at least
> not in a release:
> http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=267
>
> Are you in contact with upstream?
>

I contacted them a few months ago regarding these issues using this web form:
http://www.info-zip.org/zip-bug.html
They were very fast and friendly answering.


>
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42
>
