|
Message-Id: <16120516273894_2020046C@antinode.info> Date: Mon, 5 Dec 2016 16:27:38 -0600 (CST) From: "Steven M. Schweda" <sms@...inode.info> To: tyhicks@...onical.com, oss-security@...ts.openwall.com Cc: security@...ntu.com, Info-ZIP-Dev@...tley.com Subject: Re: CVE Request: Info-Zip zipinfo buffer overflow From: Tyler Hicks <tyhicks@...onical.com> > > Thanks for the (thorough, helpful) report. > > I appreciate it but Alexis deserves most of the credit. The item in the next History.610 file should resemble: - In ZipInfo ("-Z", /ZIPINFO) short-format ("-s", /SHORT, default) reports, an unexpectedly large compression method value (>999) caused a (mostly harmless) buffer overflow, and spoiled the report format. Now, values less than 1000 are displayed as before, using a three-digit decimal format, "uDDD", but larger values are displayed using a four-digit (unlabled) hexadecimal format, "XXXX". https://launchpad.net/bugs/1643750 (zipinfo.c) [Alexis Vanden Eijnde, Tyler Hicks, SMS] (Credit is cheap.) > Thanks for the quick fix. Is there a public code repository available so > that we can reference a specific commit that fixes this issue? No. We've been thinking about it, though. > Nope. As you probably noticed, MITRE just assigned a CVE. It likely > helped that you confirmed the issue. Swell. (One fewer thing I need to know.) > Thanks again! Same to you (plural). ------------------------------------------------------------------------ Steven M. Schweda sms@...inode-info
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.