bug#30415: Unzip CVE-2018-1000031 and others

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30415: Unzip CVE-2018-1000031 and others

From:	Ricardo Wurmus
Subject:	bug#30415: Unzip CVE-2018-1000031 and others
Date:	Tue, 13 Feb 2018 09:01:44 +0100
User-agent:	mu4e 0.9.18; emacs 25.3.1

Hi Leo,

> The researcher's advisory recommends building UnZip with FORTIFY_SOURCE
> to reduce the impact of the bug. The attached patch does that.
[…]
> +                 ;; Mitigate CVE-2018-1000035, an exploitable buffer 
> overflow.
> +                 ;; This environment variable is recommended in 
> 'unix/Makefile'
> +                 ;; for passing flags to the C compiler.
> +                 (setenv "LOCAL_UNZIP" "-D_FORTIFY_SOURCE=1")
> +                 #t))))))))

This looks good to me.  Thank you!

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

[Prev in Thread]

Current Thread

[Next in Thread]

bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/10
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
  - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/12
    - bug#30415: Unzip CVE-2018-1000031 and others, Ricardo Wurmus <=
    - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/13

Prev by Date: bug#30299: [core-updates] shepherd fails tests on all systems except x86_64
Next by Date: bug#29826: nondeterministic Broken pipe
Previous by thread: bug#30415: Unzip CVE-2018-1000031 and others
Next by thread: bug#30415: Unzip CVE-2018-1000031 and others
Index(es):
- Date
- Thread