Thanks for taking the time to report this bug and helping to make Ubuntu
better. We appreciate the difficulties you are facing, but this appears
to be a "regular" (non-security) bug. I have unmarked it as a security
issue since this bug does not show evidence of allowing attackers to
cross privilege boundaries nor directly cause loss of data/privacy.
Attackers wouldn't typically have the ability to directly influence the
command line arguments and, in this case, it doesn't seem to matter if
they did since the crash happens early on in the argument parsing code.
Please feel free to report any other bugs you may find.
I've confirmed this bug using zip 3.0-11 in Ubuntu 16.10.
** Package changed: ubuntu => zip (Ubuntu)
** Changed in: zip (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: zip (Ubuntu)
Status: New => Confirmed
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1660744
Title:
Buffer overflow in zip
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zip/+bug/1660744/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
