Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#43300 - [unzip] input sanitization errors

Attached to Project: Arch Linux
Opened by Sami Kerola (kerolasa) - Thursday, 01 January 2015, 19:45 GMT
Last edited by Gaetan Bisson (vesath) - Friday, 09 January 2015, 19:38 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Gaetan Bisson (vesath)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
* http://www.ocert.org/advisories/ocert-2014-011.html
CVE-2014-8139 (CRC32 heap overflow),
CVE-2014-8140 (test_compr_eb),
CVE-2014-8141 (getZip64Data)

Additional info:
* Vulnerable package: unzip 6.0-7

Action needed:
* Include RedHat patches to Archlinux package. See attachments from:
https://bugzilla.redhat.com/show_bug.cgi?id=1174844
https://bugzilla.redhat.com/show_bug.cgi?id=1174856
This task depends upon

Closed by  Gaetan Bisson (vesath)
Friday, 09 January 2015, 19:38 GMT
Reason for closing:  Fixed
Additional comments about closing:  unzip-6.0-8 in [extra]

Loading...