Bug#775687: libmspack: CHM decompression: another pointer arithmetic overflow

2015-01-18 Thread Stuart Caie
On 18/01/2015 22:00, Sebastian Andrzej Siewior wrote: On 2015-01-18 18:59:33 [+0100], Jakub Wilk wrote: Sorry, it's me again! libmspack crashes on the attached file: As I've seen your ubsan reports, I assumed you were done. Wrong this was. $ gpg -d crash.chm.asc crash.chm $ test/chmd_md5

Bug#871263: libmspack: CVE-2017-6419

2017-08-13 Thread Stuart Caie
On 12/08/17 20:40, Sebastian Andrzej Siewior wrote: On 2017-08-12 00:42:06 [+0100], Stuart Caie wrote: On 11/08/17 19:07, Sebastian Andrzej Siewior wrote: [0] https://security-tracker.debian.org/tracker/CVE-2017-6419 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419 [1

Bug#871263: libmspack: CVE-2017-6419

2017-08-11 Thread Stuart Caie
On 11/08/17 19:07, Sebastian Andrzej Siewior wrote: [0] https://security-tracker.debian.org/tracker/CVE-2017-6419 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419 [1] https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1 Stuart, is this

Bug#868956: libmspack: CVE-2017-11423

2017-08-13 Thread Stuart Caie
For your information, libmspack 0.6alpha has now been released. On 06/08/17 20:22, Sebastian Andrzej Siewior wrote: On 2017-08-06 10:22:11 [+0100], Stuart Caie wrote: Commited a fix: https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38 I'll put out a release

Bug#868956: libmspack: CVE-2017-11423

2017-07-23 Thread Stuart Caie
t consider it a vulnerability at the time and still don't consider it one now. https://github.com/kyz/libmspack/commit/3e3436af6010ac245d7a390c6798e2b81ce09191 2015-05-10 Stuart Caie <ky...@4u.net> * cabd_read_string(): correct rejection of empty strings. Thanks to Hanno Böck for finding the iss

Bug#868956: libmspack: CVE-2017-11423

2017-08-06 Thread Stuart Caie
On 05/08/17 10:36, Stuart Caie wrote: libmspack is wrong to convert to unsigned without checking for errors first. When I get to my computer, I'll check all calls to mspack_system read/write/seek/tell methods, to be sure this doesn't happen anywhere else. I checked all the other mspack_system

Bug#868956: libmspack: CVE-2017-11423

2017-08-05 Thread Stuart Caie
On 4 Aug 2017 7:40 am, Sebastian Andrzej Siewior wrote: > > The way I see it, the problem is that the read functions returns -1 on > error and libmspack >   https://sources.debian.net/src/libmspack/0.5-1/mspack/cabd.c/#L524 > > treats the return code as unsigned

Bug#914794: libmspack fails tests on big endian architectures (s390x, mips)

2018-12-04 Thread Stuart Caie
On 04/12/2018 05:35, Marc Dequènes (duck) wrote: libmspack fails tests on big endian architectures (s390x, mips) This is fixed in the repository, it just hasn't been released. I'll release it in the near future. commit c19e707936947b45cf05bc9aaee68517c6c2aca6 Author: Stuart Caie Date

Bug#914794: libmspack fails tests on big endian architectures (s390x, mips)

2019-03-03 Thread Stuart Caie
On 03/03/2019 04:47, Marc Dequènes (duck) wrote: Quack, On 2018-12-04 19:02, Stuart Caie wrote: This is fixed in the repository, it just hasn't been released. I'll release it in the near future. I was myself busy and we missed the Debian freeze deadline. Maybe there is still some hope

Bug#914794: libmspack fails tests on big endian architectures (s390x, mips)

2019-03-04 Thread Stuart Caie
On 04/03/2019 05:00, Marc Dequènes (duck) wrote: Quack, On 2019-03-04 10:40, Stuart Caie wrote: I've released libmspack 0.10 and cabextract 1.9.1. They contain only fixes. Thanks a lot for being so fast. Unfortunately there is a build problem: How odd, but yes, I have a system where