tags 424690 + confirmed thanks Hello Steve,
Am Montag, den 18.06.2007, 12:33 +0100 schrieb Steve Kemp: > I see no copy of the vulnerable code in the Debian version of unzoo, > I suspect this is only an issue for the non-free version of unzoo, > which we'll not release an update for. I am sorry to tell you that the version of unzoo in Debian is affected, too. I have tested to unextract a prepared .zoo file with Debian's unzoo and the infinite loop occured... The code in unzoo is not the same as the code in zoo (it is not just a subset or some copy-paste thing). The patch that is provided with the CVE announcement applies to zoo, but not unzoo, which makes fixing the issue a lot more difficult for the maintainer (i.e. me, sigh!). However, I have not yet found the time to adopt the patch to unzoo. Any help is very much appreciated! Cheers, Fabian. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]