[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2021-07-03 Thread Dallion Lewis
*** This bug is a duplicate of bug 1643750 *** https://bugs.launchpad.net/bugs/1643750 ** This bug has been marked a duplicate of bug 1643750 Buffer Overflow in ZipInfo -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report.

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2021-01-08 Thread Mathew Hodson
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/387350 Title: Buffer overflow in unzip with hand-crafted ZIP file To manage

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2020-12-16 Thread Launchpad Bug Tracker
This bug was fixed in the package unzip - 6.0-20ubuntu1.1

---
unzip (6.0-20ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in unzip (LP: #387350)
    - debian/patches/17-cve-2014-9913-unzip-buffer-overflow: Accommodate printing an oversized

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-04-02 Thread Kees Cook
** Changed in: unzip (Ubuntu) Importance: Undecided => Low -- Buffer overflow in unzip with hand-crafted ZIP file https://bugs.launchpad.net/bugs/387350 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-03-21 Thread Hideki Yamane (Debian-JP)
Yes, Gabe, you're right, I could reproduce that with Fedora13 alpha.

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-03-07 Thread Gabe Gorelick
Hmm, looking at the Debian change log between 6.0-1 and 6.0-4, I don't see any changes that would fix this. I'm going to try to build it on Karmic and see if this bug really is gone.

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-03-07 Thread Gabe Gorelick
I still get this using 6.0-4 from Debian. Perhaps you can't reproduce it because the buffer overflow just isn't detected?

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-03-06 Thread Hideki Yamane (Debian-JP)
Hi, I suppose when you report a bug to upstream, Info-ZIP Discussion Forum is better than sf.net. See http://www.info-zip.org/board/board.pl and I cannot reproduce it in Debian unstable.

henr...@hp115:/tmp$ unzip -lv hello.zip
Archive: hello.zip
Length Method Size Cmpr Date Time

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-03-06 Thread Gabe Gorelick
What Debian package version of unzip are you using? I notice that on Karmic, it's 6.0-1, but unzip will still report its version as 6.0.

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-03-06 Thread Hideki Yamane (Debian-JP)
I'm using 6.0-4.

$ dpkg -s unzip
Package: unzip
Status: install ok installed
Priority: optional
Section: utils
Installed-Size: 396
Maintainer: Santiago Vila sanv...@debian.org
Architecture: i386
Version: 6.0-4
(snip)

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2010-03-06 Thread Hideki Yamane (Debian-JP)
Also, I'm using i386 and amd64, and the unzip packages are the same version.

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2009-09-18 Thread Gabe Gorelick
I can confirm this on the unzip 6.0 used in karmic. The code in list.c has changed a little, but the same general problem remains.

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2009-09-18 Thread Gabe Gorelick
Filed this upstream with the unzip people. ** Bug watch added: SourceForge.net Tracker #2861648 http://sourceforge.net/support/tracker.php?aid=2861648 ** Also affects: unzip via http://sourceforge.net/support/tracker.php?aid=2861648 Importance: Unknown Status: Unknown

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2009-09-07 Thread Gabe Gorelick
Is this bug still present in the latest version? If so, this should be filed upstream at http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=unzip.

[Bug 387350] Re: Buffer overflow in unzip with hand-crafted ZIP file

2009-06-21 Thread Kees Cook
Thanks for this investigation! It looks like the overflow is not very harmful, so I'm unmarking this as a security bug. A single byte overflow in the bss region is happening, which does not appear to be near any control structures. ** Changed in: unzip (Ubuntu) Status: New => Triaged **