Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#43300 - [unzip] input sanitization errors
Attached to Project:
Arch Linux
Opened by Sami Kerola (kerolasa) - Thursday, 01 January 2015, 19:45 GMT
Last edited by Gaetan Bisson (vesath) - Friday, 09 January 2015, 19:38 GMT
Details

Description:
* http://www.ocert.org/advisories/ocert-2014-011.html
  CVE-2014-8139 (CRC32 heap overflow), CVE-2014-8140 (test_compr_eb), CVE-2014-8141 (getZip64Data)

Additional info:
* Vulnerable package: unzip 6.0-7

Action needed:
* Include RedHat patches to Archlinux package. See attachments from:
  https://bugzilla.redhat.com/show_bug.cgi?id=1174844
  https://bugzilla.redhat.com/show_bug.cgi?id=1174856
Closed by Gaetan Bisson (vesath)
Friday, 09 January 2015, 19:38 GMT
Reason for closing: Fixed
Additional comments about closing: unzip-6.0-8 in [extra]