GNU bug report logs - #30415
Unzip CVE-2018-1000031 and others

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Sat, 10 Feb 2018 18:58:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: 30415 <at> debbugs.gnu.org
Subject: bug#30415: Unzip CVE-2018-1000031 and others
Date: Sun, 11 Feb 2018 10:09:49 -0500

[Message part 1 (text/plain, inline)]

The 3rd-party security advisory suggests that the bugs are fixed in
UnZip 6.1c23:

https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html

See unzip610c23.zip here:

http://antinode.info/ftp/info-zip/

Unfortunately, this is a zip file, unlike the 9 year old tarball on the
UnZip SourceForge page.

Any advice? I suppose we could keep the old UnZip package just to unpack
the new one.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 184 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #30415 Unzip CVE-2018-1000031 and others

GNU bug report logs - #30415
Unzip CVE-2018-1000031 and others