Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#57147 - [zziplib] [Security] denial of service (CVE-2017-5980)

Attached to Project: Arch Linux
Opened by Levente Polyak (anthraxx) - Thursday, 18 January 2018, 23:09 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Tuesday, 13 February 2018, 10:08 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Sven-Hendrik Haase (Svenstaro)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary
=======

The package zziplib is vulnerable to denial of service via CVE-2017-5980.

Guidance
========

Unfortunately no fix seems to be available so far, find github issue below for tracking progress.

References
==========

https://security.archlinux.org/AVG-591
http://www.openwall.com/lists/oss-security/2017/02/14/3
https://blogs.gentoo.org/ago/2017/02/09/zziplib-load-of-misaligned-address-in-memdisk-c/
https://github.com/gdraheim/zziplib/issues/4
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Tuesday, 13 February 2018, 10:08 GMT
Reason for closing:  Fixed
Comment by Sven-Hendrik Haase (Svenstaro) - Tuesday, 13 February 2018, 10:08 GMT
This is fixed in the current release.

Loading...