[Secure-testing-team] Bug#847485: unzip: CVE-2014-9913: buffer overflow in "unzip -l" via list_files() in list.c

Santiago Vila sanvila at unex.es
Fri Dec 9 16:39:46 UTC 2016


forwarded 847485 http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=529
thanks

On Thu, 8 Dec 2016, Salvatore Bonaccorso wrote:

> Source: unzip
> Version: 6.0-16
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for unzip.
> 
> CVE-2014-9913[0]:
> Buffer overflow in "unzip -l" via list_files() in list.c

And this is where I'm in doubt.

I could do the same as in the other CVE, and it would result in a patch
like the first one I attach.

But the end result is a little bit ugly to my taste and I would prefer
that Unknown compression methods are always expressed in hexadecimal,
no matter what, as in the second patch attached.

So I've asked the author about what he will do in the phpbb thread
at the top.

BTW: It took me a while to realize how the two CVEs are different
indeed, even if "unzip -l" and "zipinfo" are "equivalent" and the
programs themselves are hardlinked. Hopefully by looking at the
patches it should be clear where the bugs are exactly.

Thanks a lot.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cve-2014-9913-unzip-buffer-overflow.txt
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20161209/d3c3a98c/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cve-2014-9913-unzip-buffer-overflow-bis.txt
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20161209/d3c3a98c/attachment-0001.txt>

