bug#30415: Unzip CVE-2018-1000031 and others

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30415: Unzip CVE-2018-1000031 and others

From:	Leo Famulari
Subject:	bug#30415: Unzip CVE-2018-1000031 and others
Date:	Sun, 11 Feb 2018 10:35:48 -0500
User-agent:	Mutt/1.9.3 (2018-01-21)

On Sat, Feb 10, 2018 at 01:57:28PM -0500, Leo Famulari wrote:
> We need to fix CVE-2018-1000031, CVE-2018-1000032, CVE-2018-1000033,
> CVE-2018-1000034, CVE-2018-1000035 in UnZip:
> 
> http://seclists.org/oss-sec/2018/q1/134
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000031 and etc

Okay, the advisory says that only CVE-2018-1000035 affects our UnZip 6.0
package; the other bugs were apparently introduced after that.

And CVE-2018-1000035 may be mitigated by the compiler. I'll investigate
more.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/10
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari <=
  - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/12
    - bug#30415: Unzip CVE-2018-1000031 and others, Ricardo Wurmus, 2018/02/14
    - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/13

Prev by Date: bug#30414: Libreoffice CVE-2018-6871 [remote read of any local files]
Next by Date: bug#30414: Libreoffice CVE-2018-6871 [remote read of any local files]
Previous by thread: bug#30415: Unzip CVE-2018-1000031 and others
Next by thread: bug#30415: Unzip CVE-2018-1000031 and others
Index(es):
- Date
- Thread