Yuriy M. Kaminskiy wrote:
>> Can you check it actually affects [...]
>
> According to http://www.talosintel.com/reports/* (as linked from
> tracker), CVE-2016-2334 affects HFS+ parser and CVE-2016-2335 UDF
> parser.

I've found patches at [1]. Patch for CVE-2016-2335 applies clearly on both 9.20 and 15.14. However, the patch for CVE-2016-2334 can be applied to 15.14 only. According to [2] "HFS support was improved" in version 9.32 beta, so 9.20 might not be vulnerable to this issue.

Dear Talos Team,

Could you please confirm whether 9.20 is or is not vulnerable to CVE-2016-2334?

Regards,
Robert

[1] https://sourceforge.net/p/p7zip/discussion/383043/thread/9d0fb86b/?limit=25#3933/23ee
[2] http://www.7-zip.org/history.txt

