Launchpad has imported 17 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=213761.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2008-03-18T01:32:50+00:00 rbu wrote:

Tavis Ormandy writes:

the inflate_dynamic() routine (~978, inflate.c) uses a macro NEEDBITS() that jumps execution to a cleanup routine on error, this routine attempts to free() two buffers allocated during the inflate process.

At certain locations, the NEEDBITS() macro is used while the pointers are not pointing to valid buffers, they are either uninitialised or pointing inside a block that has already been free()d (ie, not pointing at the block, but at a location inside it).

In both cases, the possibility of controlling either the pointer (eg, by altering the uninitialized data on the stack left over from some previous subroutine call), or the buffer pointed at by the pointer, is small but perhaps non-zero.

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/3

------------------------------------------------------------------------
On 2008-03-18T01:34:02+00:00 rbu wrote:

base-system, please find the patch attached. No upstream bump to be expected, smithj tried contacting them without success.

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/4

------------------------------------------------------------------------
On 2008-03-18T01:34:49+00:00 rbu wrote:

Created attachment 146443
unzip-5.5.2-CVE-2008-0888.patch

Courtesy of Tavis

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/5

------------------------------------------------------------------------
On 2008-03-18T04:44:31+00:00 smithj wrote:

(In reply to comment #1)
> smithj tried contacting them without success.

Yeah. Actually, if anyone has a contact for them, please pass this info along!
Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/6

------------------------------------------------------------------------
On 2008-03-18T11:28:10+00:00 vapier wrote:

i'd drop the last two hunks of that patch as one is simply whitespace change and the other is redundant -- huft_free() already performs the if(NULL) test

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/10

------------------------------------------------------------------------
On 2008-03-18T12:16:54+00:00 rbu wrote:

(In reply to comment #4)
> i'd drop the last two hunks of that patch as one is simply whitespace change
> and the other is redundant -- huft_free() already performs the if(NULL) test

sounds good, taviso complained about losing performance though ;-)

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/11

------------------------------------------------------------------------
On 2008-03-27T21:13:08+00:00 rbu wrote:

spanky, any updates here?

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/14

------------------------------------------------------------------------
On 2008-03-29T02:37:54+00:00 vapier wrote:

added unzip-5.5.2-r2 to the tree w/the patch ... not that i really looked into the issue to verify correctness of the patch

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/15

------------------------------------------------------------------------
On 2008-03-29T10:04:45+00:00 rbu wrote:

(In reply to comment #7)
> added unzip-5.5.2-r2 to the tree w/the patch ... not that i really looked into
> the issue to verify correctness of the patch

Couldn't reproduce the error with taviso's PoC.
Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/16

------------------------------------------------------------------------
On 2008-03-29T10:05:17+00:00 rbu wrote:

Arches, please test and mark stable:
=app-arch/unzip-5.52-r2
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 release s390 sh sparc x86"

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/17

------------------------------------------------------------------------
On 2008-03-29T10:12:43+00:00 rbu wrote:

amd64 stable

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/18

------------------------------------------------------------------------
On 2008-03-29T11:15:45+00:00 fauli wrote:

x86 stable

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/19

------------------------------------------------------------------------
On 2008-03-29T15:33:03+00:00 ranger wrote:

ppc and ppc64 done

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/20

------------------------------------------------------------------------
On 2008-03-29T16:06:31+00:00 armin76 wrote:

alpha/ia64/sparc stable

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/21

------------------------------------------------------------------------
On 2008-03-29T16:57:02+00:00 jer wrote:

Stable for HPPA.

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/22

------------------------------------------------------------------------
On 2008-03-30T11:41:42+00:00 pva wrote:

Fixed in release snapshot.

Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/23

------------------------------------------------------------------------
On 2008-04-06T17:20:59+00:00 rbu wrote:

GLSA 200804-06.
Reply at: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/comments/24

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/203461

Title:
  [unzip] [CVE-2008-0888] potential code execution

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/203461/+subscriptions

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
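
The cleanup-path pattern described in the first comment (a NEEDBITS()-style macro that jumps to shared cleanup code which frees two buffers), shown in its hardened form as an added example; it is not code from this thread, from the attached patch, or from unzip's inflate.c. All names (`decode_block`, `NEED_INPUT`, `table_new`, `table_free`, `live_after`) are hypothetical, and the stale-pointer case is simplified to a pointer kept after its table was released.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical names throughout: a model of the pattern, not unzip's inflate.c. */
struct table { int entries; };
static int live_tables;                 /* tables allocated and not yet freed */

static struct table *table_new(void) {
    struct table *t = malloc(sizeof *t);
    if (t) live_tables++;
    return t;
}

/* Tolerates NULL, so the cleanup code can call it unconditionally. */
static void table_free(struct table *t) {
    if (t == NULL) return;
    live_tables--;
    free(t);
}

/* Models a NEEDBITS()-style macro: short input jumps to the shared cleanup. */
#define NEED_INPUT(n) \
    do { if (avail < (size_t)(n)) { rc = -1; goto cleanup; } avail -= (size_t)(n); } while (0)

/* Returns 0 when all four reads succeed, -1 when the input is truncated. */
int decode_block(size_t avail) {
    struct table *tl = NULL, *td = NULL; /* never indeterminate at cleanup */
    int rc = 0;
    NEED_INPUT(2);                       /* may bail before any allocation */
    if ((tl = table_new()) == NULL) { rc = -1; goto cleanup; }
    NEED_INPUT(4);                       /* may bail with only tl live */
    table_free(tl);
    tl = NULL;                           /* released early: clear the stale pointer */
    NEED_INPUT(3);                       /* may bail after the early release */
    tl = table_new();
    td = table_new();
    if (tl == NULL || td == NULL) { rc = -1; goto cleanup; }
    NEED_INPUT(1);
cleanup:
    table_free(td);
    table_free(tl);
    return rc;
}

/* Runs one decode and reports how many tables are still allocated afterwards. */
int live_after(size_t avail) { (void)decode_block(avail); return live_tables; }
int main(void) {
    for (size_t n = 0; n <= 10; n++)     /* constructed input lengths */
        printf("avail=%zu rc=%d live=%d\n", n, decode_block(n), live_after(n));
    return 0;
}
```

Every truncation point reaches `cleanup` with each pointer either NULL or owning a live table, so the counter returns to zero on all paths; building with `-fsanitize=address` gives the same check on real code.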
