Message-Id: <15021106422098_202004A2@antinode.info> Date: Wed, 11 Feb 2015 06:42:21 -0600 (CST) From: "Steven M. Schweda" <sms@...inode.info> To: mancha1@...o.com, OSS-SECURITY@...ts.openwall.com, CVE-ASSIGN@...re.org, THOGER@...hat.com Cc: Info-ZIP-Dev@...tley.com Subject: Re: CVE Request: Info-ZIP unzip 6.0 From: mancha <mancha1@...o.com> > I've removed the buggy patch from sf and replaced it with: > > http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow3.diff Also changed: http://antinode.info/ftp/info-zip/unzip60/extract.c 2253c2253,2254 < if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize)) --- > if ((eb_compr_method == STORED) && > (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) ------------------------------------------------------------------------ Steven M. Schweda sms@...inode-info 382 South Warwick Street (+1) 651-699-9818 Saint Paul MN 55105-2547
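Review bot: The sum compr_offset + EB_CMPRHEADLEN + eb_ucsize on the second replacement line can wrap around if the operands are unsigned and eb_ucsize is taken from the archive's extra field, so a very large eb_ucsize could compare equal to a small eb_size. The types are not visible in this hunk, so that needs confirming against the declarations. A form that cannot wrap is to reject eb_size < compr_offset + EB_CMPRHEADLEN first and then compare eb_size - compr_offset - EB_CMPRHEADLEN against eb_ucsize. The removed line did not account for EB_CMPRHEADLEN at all, so a short comment above the test saying that a STORED block must be exactly header plus uncompressed data would record why the term was added.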