Date: Tue, 15 Sep 2015 13:50:31 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Heap overflow and DoS in unzip 6.0

2015-09-15 13:38 GMT-03:00 Hanno Böck <hanno@...eck.de>:

> On Tue, 15 Sep 2015 13:10:17 -0300
> Gustavo Grieco <gustavo.grieco@...il.com> wrote:
>
> > AFAIK, upstream is still working on the heap overflow issue (the DoS
> > is fixed in the last unzip beta). In concrete, they said:
>
> Actually talking about upstream: The state of the info-zip packages is
> pretty dismal.
>
> There are issues from 2009(!) that haven't seen a fix yet, at least
> not in a release:
> http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=267
>
> Are you in contact with upstream?
>

I contacted them a few months ago regarding these issues using this web form:

http://www.info-zip.org/zip-bug.html

They were very fast and friendly answering.

>
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42
>