On Sat, Feb 10, 2018 at 01:57:28PM -0500, Leo Famulari wrote: > We need to fix CVE-2018-1000031, CVE-2018-1000032, CVE-2018-1000033, > CVE-2018-1000034, CVE-2018-1000035 in UnZip: > > http://seclists.org/oss-sec/2018/q1/134 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000031 and etc
Okay, the advisory says that only CVE-2018-1000035 affects our UnZip 6.0 package; the other bugs were apparently introduced after that. And CVE-2018-1000035 may be mitigated by the compiler. I'll investigate more.
signature.asc
Description: PGP signature
