-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: buzybox Version: 1:1.22.0-15 Severity: normal Tags: security, fixed-upstream
Unziping a specially crafted zip file results in a computation of an invalid pointer and a crash reading an invalid address. Mailing list post: http://www.openwall.com/lists/oss-security/2015/10/25/3 Fix: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e - -- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJWLn2SAAoJECet96ROqnV0Na0QAMltt4Ou89+Y1MygWLoME4or TJTdvBlUmZhkZAKup6ZbnrdRsF/sUZZB62F/2DibIbtL3bEbSypfOHsg6P/+Q/j9 vxxxD/yJ1Ry1/Qqseox1Ye7IuoqIto2Gey88bhZVRjHNPBXY3wBQfBF7IbJIpnZH +Lr5uVb8+4vIXy3iKbxLhXY7/hNj19Lg4n4AqQVq/Lbqz1ZLQUAdsOAulrN1l9bJ lcFvtZ5kxWS8a2du+qIfpy14avdpv+rrD+StWbkzbemri9XZpDyGeeFvhg/BQMz/ n+4P5c8B5GVa7IZRxtVTc8tRV2gv3LvipewXxXdX7xxYfXt4iw8SHtFxvUxAD6JM l8dXuSdWFxVKHkf7T8o7refxTyuZ0mY3fmRmpi1dLJiRRegoCarlSs/1YbgjCdp9 R0Y5aS+QWrVRrIcq9BYnCxDa+lBmuMpb6qNFYCVmXideI6RyR3Q+us/aNn/sOCPQ AoKu2tHstHISigTzIjJMVERHBoJInciF4XnxpKJ6XXXIj/1UGNtlRyIpkfY6G2BP ygiTwrtyKLAy3hXNd2rgoWjBW1MkSpg9izumH3E8Pfah+jLqJD/WuBR56yLFL76X PECdqv/tojzqOTgSCxNsvqlP8h8f8FIxXH87xvKyXfOigPw+tMGTeO3q+uCSPak5 O1B2G9rwbzoiBpO7ungy =PGtQ -----END PGP SIGNATURE-----