Your message dated Mon, 17 Mar 2014 16:49:59 +0000
with message-id <[email protected]>
and subject line Bug#741384: fixed in unzip 6.0-11
has caused the Debian Bug report #741384,
regarding unzip -v: *** buffer overflow detected ***: unzip terminated
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
741384: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741384
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unzip
Version: 6.0-10
Severity: important
Justification: buffer overflow
Control: submitter -1 Max Spring <[email protected]>
I tried running "unzip -v replication.jar" with the attached
replication.jar (it comes from WEB-INF/plugins/ in gerrit-2.8.1.war).
Expected result:
A nice file listing.
Actual result:
| Archive: WEB-INF/plugins/replication.jar
|  Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
| --------  ------  ------- ---- ---------- ----- --------  ----
|     2252  Defl:N     1150  49% 2014-01-15 09:48 dc357e9e  com/googlesource/gerrit/plugins/replication/SecureCredentialsProvider.class
[...]
|     1379  Defl:N      467  66% 2014-01-15 09:48 5a74228e  META-INF/MANIFEST.MF
| *** buffer overflow detected ***: /usr/bin/unzip terminated
| ======= Backtrace: =========
| /lib/x86_64-linux-gnu/libc.so.6(+0x6e8ef)[0x7ffff768e8ef]
| /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffff7714b97]
| /lib/x86_64-linux-gnu/libc.so.6(+0xf3c20)[0x7ffff7713c20]
| /lib/x86_64-linux-gnu/libc.so.6(+0xf3149)[0x7ffff7713149]
| /lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x4288)[0x7ffff766a848]
| /lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x88)[0x7ffff77131d8]
| /lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7ffff771312d]
| /usr/bin/unzip[0x40f091]
| /usr/bin/unzip[0x410b0e]
| /usr/bin/unzip[0x411257]
| /usr/bin/unzip[0x403bd5]
| /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7ffff7641b45]
| /usr/bin/unzip[0x401e39]
Ideas?
From https://code.google.com/p/gerrit/issues/detail?id=2543
Thanks,
Jonathan
--- End Message ---
--- Begin Message ---
Source: unzip
Source-Version: 6.0-11
We believe that the bug you reported is fixed in the latest version of
unzip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated unzip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Mar 2014 17:38:50 +0100
Source: unzip
Binary: unzip
Architecture: source amd64
Version: 6.0-11
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Description:
unzip - De-archiver for .zip files
Closes: 727306 741384
Changes:
unzip (6.0-11) unstable; urgency=medium
.
* Lowered mime priority to 3, somewhat below 5 which is file-roller
default value. Closes: #727306.
* Increase size of cfactorstr array in list.c to avoid a buffer
overflow problem. Closes: #741384.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---