[Git][security-tracker-team/security-tracker][master] Add CVE-2018-18384/unzip

Tue, 16 Oct 2018 13:37:18 -0700 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
1523ba5a by Salvatore Bonaccorso at 2018-10-16T20:36:28Z
Add CVE-2018-18384/unzip

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -30,7 +30,13 @@ CVE-2018-18385 (Asciidoctor v1.5.7.1 allows remote attackers 
to cause a denial o
        - asciidoctor <unfixed>
        NOTE: https://github.com/asciidoctor/asciidoctor/issues/2888
 CVE-2018-18384 (Info-ZIP UnZip 6.0 has a buffer overflow in list.c, when a ZIP 
archive ...)
-       TODO: check
+       - unzip 6.0-11 (bug #741384)
+       NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1110194
+       NOTE: https://sourceforge.net/p/infozip/bugs/53/
+       NOTE: The cfactorstr buffer was already increased to 12 with the
+       NOTE: 07-increase-size-of-cfactorstr.patch patch as applied for #741384
+       NOTE: Upstream confirmed as well this is indeed enough as per
+       NOTE: https://sourceforge.net/p/infozip/bugs/53/#ba07
 CVE-2018-18383
        RESERVED
 CVE-2018-18382 (Advanced HRM 1.6 allows Remote Code Execution via PHP code in 
a .php ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1523ba5a6bf493d43d7aa4cae29a40bec0f87206

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/1523ba5a6bf493d43d7aa4cae29a40bec0f87206
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to