Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 26 Jul 2018 09:09:36 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Fw: New cabextract 1.7 and libmspack 0.7 release

Several memory safety bugs fixed, see below.

Begin forwarded message:

Date: Thu, 26 Jul 2018 00:46:18 +0100
From: Stuart Caie
Subject: New cabextract 1.7 and libmspack 0.7 release


Hello all,

cabextract 1.7 has been released.

It fixes a few bugs, an introduces a new "--encoding" option, which is 
made available if the iconv() function and/or libiconv library are 
available on your system. It also now tries calling setlocale() (if 
present) with several possible locales that have a UTF-8 ctype, to
allow towlower() (if present) to lowercase non-ASCII characters.

cabextract can be downloaded from https://www.cabextract.org.uk/

SHA256 sums:

06d3cdded6519fccff1532f64ab54ce6cc3c7be51bcc6fff0f91092179a9bb26 
cabextract-1.7-1.i386.rpm
11570d7e5ba0f46f458b88d76d2f0bdcad3a1266055ea5c8229830be2023e16e 
cabextract-1.7-1.src.rpm
297203c826c004801ea1b17414f568e7bdf56c3ae9bbaca4d8514e8a56e506bd 
cabextract-1.7.tar.gz

libmspack 0.7alpha has also been released. It fixes several bugs:

* bad KWAJ file header extensions could cause a one or two byte
  overwrite
* The character U+0100 in a CHM filename could cause a one-byte overread
* libmspack now rejects blank CHM filenames.
* Fixed off-by-one error in CHM PMGI/PMGL chunk number validity checks, 
which could cause a crash by dereferencing uninitialised data beyond
  the end of the fast_find() chunk cache.

libmspack can be downloaded from
https://www.cabextract.org.uk/libmspack/

SHA256 sum:

36e0516cdb60617871d396fb85464f440b4ab76942ce6bdd0438ca8d70f32772 
libmspack-0.7alpha.tar.gz

Regards
Stuart


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ