GNU bug report logs - #30415
Unzip CVE-2018-1000031 and others

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 10 Feb 2018 18:58:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #11 received at 30415 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: 30415 <at> debbugs.gnu.org
Subject: Re: Unzip CVE-2018-1000031 and others
Date: Sun, 11 Feb 2018 10:35:48 -0500

[Message part 1 (text/plain, inline)]

On Sat, Feb 10, 2018 at 01:57:28PM -0500, Leo Famulari wrote:
> We need to fix CVE-2018-1000031, CVE-2018-1000032, CVE-2018-1000033,
> CVE-2018-1000034, CVE-2018-1000035 in UnZip:
> 
> http://seclists.org/oss-sec/2018/q1/134
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000031 and etc

Okay, the advisory says that only CVE-2018-1000035 affects our UnZip 6.0
package; the other bugs were apparently introduced after that.

And CVE-2018-1000035 may be mitigated by the compiler. I'll investigate
more.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 184 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #30415 Unzip CVE-2018-1000031 and others

GNU bug report logs - #30415
Unzip CVE-2018-1000031 and others