bug#30415: Unzip CVE-2018-1000031 and others

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30415: Unzip CVE-2018-1000031 and others

From:	Leo Famulari
Subject:	bug#30415: Unzip CVE-2018-1000031 and others
Date:	Sun, 11 Feb 2018 10:09:49 -0500
User-agent:	Mutt/1.9.3 (2018-01-21)

The 3rd-party security advisory suggests that the bugs are fixed in
UnZip 6.1c23:

https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html

See unzip610c23.zip here:

http://antinode.info/ftp/info-zip/

Unfortunately, this is a zip file, unlike the 9 year old tarball on the
UnZip SourceForge page.

Any advice? I suppose we could keep the old UnZip package just to unpack
the new one.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/10
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari <=
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
  - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/12
    - bug#30415: Unzip CVE-2018-1000031 and others, Ricardo Wurmus, 2018/02/14
    - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/13

Prev by Date: bug#30414: Libreoffice CVE-2018-6871 [remote read of any local files]
Next by Date: bug#30414: Libreoffice CVE-2018-6871 [remote read of any local files]
Previous by thread: bug#30415: Unzip CVE-2018-1000031 and others
Next by thread: bug#30415: Unzip CVE-2018-1000031 and others
Index(es):
- Date
- Thread