Bug#1010355: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-06-30 Thread Moritz Mühlenhoff
On Thu, Jun 30, 2022 at 02:16:55PM +0200, Santiago Vila wrote:
> Dear Steven and Mark:
>
> I plan to apply the attached patches (from Enrico Zini) to fix CVE-2022-0529
> and CVE-2022-0530 in Debian unzip, but before doing so I would like to have
> some feedback from upstream (i.e. you) or either

Bug#1010355: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-06-30 Thread Santiago Vila
Dear Steven and Mark: I plan to apply the attached patches (from Enrico Zini) to fix CVE-2022-0529 and CVE-2022-0530 in Debian unzip, but before doing so I would like to have some feedback from upstream (i.e. you) or either from the Security Team (also in CC). Details about the bug here:

Bug#1010355: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-06-15 Thread Enrico Zini
On Tue, Jun 14, 2022 at 07:06:37PM +0200, Santiago Vila wrote:
> But the github repository containing the test cases, namely this:
> https://github.com/ByteHackr/unzip_poc
> contains a test case for yet another problem called CVE-2022-0529
> which I would like to fix as well.

Hello Steven and

Bug#1010355: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-06-14 Thread Santiago Vila
will be appreciated. Thanks.

Forwarded Message
Subject: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Fri, 29 Apr 2022 13:27:33 +0200
From: Enrico Zini
Reply-To: Enrico Zini , 1010...@bugs.debian.org
To: Debian Bug Tracking System

Package: unzip Version

Bug#1010355: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-04-30 Thread Santiago Vila
: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Resent-Date: Fri, 29 Apr 2022 11:39:02 +
Resent-From: Enrico Zini
Resent-To: debian-bugs-dist@lists.debian.org
Resent-CC: t...@security.debian.org, Santiago Vila
Date: Fri, 29 Apr 2022 13:27:33 +0200
From: Enrico

Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-04-29 Thread Enrico Zini
notfixed 6.0-26 Correction: the issue also affects 6.0-26, but is only reproducible after export LANG=C Enrico -- GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini

Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-04-29 Thread Santiago Vila
On 29/4/22 at 13:27, Enrico Zini wrote: Package: unzip Version: 6.0-21+deb9u2 Severity: serious Tags: security upstream patch X-Debbugs-Cc: Debian Security Team Thanks for the report. I would have preferred to reopen the already existing one, but never mind (I asked security team a few

Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input

2022-04-29 Thread Enrico Zini
Package: unzip Version: 6.0-21+deb9u2 Severity: serious Tags: security upstream patch X-Debbugs-Cc: Debian Security Team Fixed: 6.0-26 Hello, details are at https://security-tracker.debian.org/tracker/CVE-2022-0530 stretch and buster segfault: $ unzip testcase-0530 Archive: