[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30415: Unzip CVE-2018-1000031 and others

From: Leo Famulari
Subject: bug#30415: Unzip CVE-2018-1000031 and others
Date: Mon, 12 Feb 2018 13:58:02 -0500
User-agent: Mutt/1.9.3 (2018-01-21)

On Sun, Feb 11, 2018 at 10:35:48AM -0500, Leo Famulari wrote:
> And CVE-2018-1000035 may be mitigated by the compiler. I'll investigate
> more.

The researcher's advisory recommends building UnZip with FORTIFY_SOURCE
to reduce the impact of the bug. The attached patch does that.

AFAICT, the proof-of-concept zip file is not published, and there is no
upstream patch.

Attachment: 0001-gnu-unzip-Mitigate-CVE-2018-1000035.patch
Description: Text document

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]