#2205: Unzip-5.52 Vulnerability
-----------------------------------------+----------------------------------
 Reporter:  [EMAIL PROTECTED]            |        Owner:  [email protected]
     Type:  task                         |       Status:  new
 Priority:  high                         |    Milestone:  6.2.0
Component:  BOOK                         |      Version:  SVN
 Severity:  critical                     |   Resolution:
 Keywords:                               |
-----------------------------------------+----------------------------------
Comment (by [EMAIL PROTECTED]):
I've been meaning to report this for a long time. There are numerous reported vulnerabilities on unzip. But here's a patch for CAN-2005-2475:

http://people.ubuntu.com/patches/unzip.CAN-2005-2475.diff

This is the same as what Fedora is applying:

http://cvs.fedora.redhat.com/viewcvs/*checkout*/devel/unzip/unzip-5.52-toctou.patch

There's also a beta version of unzip-6.0 if we really want to be aggressive.

http://downloads.sourceforge.net/infozip/unzip60c.zip

It also could be a good idea to just apply Debian's whole current diff as it has a few other CVEs.

http://ftp.debian.org/pool/main/u/unzip/unzip_5.52-9.diff.gz

--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/2205#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
