FS#10067 - unzip 5.52-3 potential arbitrary code execution
Attached to Project:
Arch Linux
Opened by Paul Bredbury (brebs) - Thursday, 03 April 2008, 00:17 GMT
Last edited by Dan McGee (toofishes) - Saturday, 05 April 2008, 14:08 GMT
Details
Hi, unzip 5.52-3 has a potential security flaw:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
http://bugs.gentoo.org/show_bug.cgi?id=213761

Download the patch:
wget -O unzip-5.5.2-CVE-2008-0888.patch http://bugs.gentoo.org/attachment.cgi?id=146443

For reassurance, this exact patch is in Ubuntu:
http://packages.ubuntu.com/hardy/unzip (unzip_5.52-10ubuntu2.diff.gz)

Enclosed is the required PKGBUILD diff.
Closed by Dan McGee (toofishes)
Saturday, 05 April 2008, 14:08 GMT
Reason for closing: Fixed
Additional comments about closing: fixed in unzip-5.52-4
Comment by Dan McGee (toofishes) -
Thursday, 03 April 2008, 18:33 GMT
I'll try and address this tonight or tomorrow. Thanks for pointing
it out.