Hi Robert,

On Sun, Jan 28, 2018 at 11:09:09PM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the p7zip package:
> #888297: p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow
>    * Hopefully fix ZIP Shrink: Heap Buffer Overflow (CVE-2017-17969). Thanks
>      to Antoine Beaupré for the initial patch, based on upstream changes in
>      7Zip 18.00.beta (closes: #888297).

It looks the upload for unstable contained a backport of an earlier
variant. Can you update to the most recent iteration as posted in
https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7 ?

The check for cur against kNumItems is missing, not sure this can
cause any further problem.


Reply via email to