bug#30415: Unzip CVE-2018-1000031 and others

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30415: Unzip CVE-2018-1000031 and others

From:	Leo Famulari
Subject:	bug#30415: Unzip CVE-2018-1000031 and others
Date:	Tue, 13 Feb 2018 09:51:35 -0500
User-agent:	Mutt/1.9.3 (2018-01-21)

On Tue, Feb 13, 2018 at 09:01:44AM +0100, Ricardo Wurmus wrote:
> 
> Hi Leo,
> 
> > The researcher's advisory recommends building UnZip with FORTIFY_SOURCE
> > to reduce the impact of the bug. The attached patch does that.
> […]
> > +                 ;; Mitigate CVE-2018-1000035, an exploitable buffer 
> > overflow.
> > +                 ;; This environment variable is recommended in 
> > 'unix/Makefile'
> > +                 ;; for passing flags to the C compiler.
> > +                 (setenv "LOCAL_UNZIP" "-D_FORTIFY_SOURCE=1")
> > +                 #t))))))))
> 
> This looks good to me.  Thank you!

Thanks, pushed as 77737e035491112a1e9c7d9a0e6f1e0397a4f930

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/10
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
- bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/11
  - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari, 2018/02/12
    - bug#30415: Unzip CVE-2018-1000031 and others, Ricardo Wurmus, 2018/02/14
    - bug#30415: Unzip CVE-2018-1000031 and others, Leo Famulari <=

Prev by Date: bug#30428: guix git-fetch doesn't specify "--depth 1" - git clone clones a lot without any use
Next by Date: bug#30434: magit won’t work over TRAMP
Previous by thread: bug#30415: Unzip CVE-2018-1000031 and others
Next by thread: bug#30428: guix git-fetch doesn't specify "--depth 1" - git clone clones a lot without any use
Index(es):
- Date
- Thread