Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code
Package: zziplib
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued against zziplib. The text says:

Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.

Can you please investigate if the Debian versions are affected or not? If you do an upload which fixes this issue, please mention the CVE number in the changelog.

Thanks for your efforts

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1614

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code
On Thu Aug 09, 2007 at 01:07:47 +1000, Steffen Joeris wrote:
> Package: zziplib
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi
>
> The following CVE[0] has been issued against zziplib.

This seems to be low-risk, from the one page I found describing it:
http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187

Basically zzcat $longfilename crashes. I wouldn't have thought this would require a DSA.

Steve
--
Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code
Hi

> http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
>
> Basically zzcat $longfilename crashes. I wouldn't have thought this would require a DSA.

Yes, you are right, although I understood the CVE text in a different way. I will downgrade the bug to normal.

Thanks for pointing it out.

Cheers
Steffen