Package: busybox
Version: 1:1.27.2-1
Severity: important
Tags: security

Hi,
please see:

CVE-2017-15873
The get_next_block function in archival/libarchive/decompress_bunzip2.c
in BusyBox 1.27.2 has an Integer Overflow that may lead to a write
access violation.

https://bugs.busybox.net/show_bug.cgi?id=10431
https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0


CVE-2017-15874
archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer
Underflow that leads to a read access violation.

https://bugs.busybox.net/show_bug.cgi?id=10436

Cheers,
        Moritz

_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

Reply via email to