Package: zziplib
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued against zziplib. The text says:

Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.

Can you please investigate whether the Debian versions are affected or not? If you do an upload which fixes this issue, please mention the CVE number in the changelog.

Thanks for your efforts

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1614