Brian May <[email protected]> writes:

> Will continue to check the code to make sure.

Actually looks like the vulnerable HFS+ is not present in the wheezy version of p7zip. In this version CPP/7zip/Archive/Hfs/HfsHandler.cpp is only 243 lines; the exploit is in a function that doesn't exist on lines 1496 to 1575.

For the UDF case the code is a bit different, but it looks like it is all there. So possibly might be worth fixing this. I think there would need to be some code to disable the UDF code if it isn't a UDF file system. Even if just for compression not decompression. Still looking for this however.

--
Brian May <[email protected]>
