bug#30415: Unzip CVE-2018-1000031 and others

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30415: Unzip CVE-2018-1000031 and others

From:	Leo Famulari
Subject:	bug#30415: Unzip CVE-2018-1000031 and others
Date:	Mon, 12 Feb 2018 13:58:02 -0500
User-agent:	Mutt/1.9.3 (2018-01-21)

On Sun, Feb 11, 2018 at 10:35:48AM -0500, Leo Famulari wrote:
> And CVE-2018-1000035 may be mitigated by the compiler. I'll investigate
> more.

The researcher's advisory recommends building UnZip with FORTIFY_SOURCE
to reduce the impact of the bug. The attached patch does that.

AFAICT, the proof-of-concept zip file is not published, and there is no
upstream patch.

0001-gnu-unzip-Mitigate-CVE-2018-1000035.patch
Description: Text document

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/10
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
  - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari <=
    - bug#30415: Unzip CVE-2018-1000031 and others, Ricardo Wurmus, 2018/02/14
    - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/13

Prev by Date: bug#30437: No “.guix-profile/bin/python” after ‘guix package -i python’
Next by Date: bug#30437: No “.guix-profile/bin/python” after ‘guix package -i python’
Previous by thread: bug#30415: Unzip CVE-2018-1000031 and others
Next by thread: bug#30415: Unzip CVE-2018-1000031 and others
Index(es):
- Date
- Thread