Package: libmspack0
Version: 0.4-3
Usertags: afl
There's an off-by-one(?) buffer under-read in mspack/lzxd.c. To
reproduce the bug, rebuild libmspack with -fsanitize=address and run:
$ test/cabd_md5 lzxd-under-read.cab
*** lzxd-under-read.cab
ERROR; file "test1.txt" cannot be extracted, cabine
Package: libmspack0
Version: 0.4-3
Tags: patch
Usertags: afl
There's an off-by-one buffer over-read in mspack/mszipd.c; please see
the attached patch. I don't believe it's exploitable, but I could be
wrong.
To reproduce the bug, rebuild libmspack with -fsanitize=address and
run:
$ test/cab
On 2015-01-15 01:52:05 [+], Stuart Caie wrote:
> I am now. I've sense-checked the patch for 774726 and it passes my test
> suite, so it's now committed to the repository. I'm doing the same for
> 774725.
Great, thanks.
> >In total Jakub reported four issues.
> I thank him for it! libmspack is
On 2015-01-15 23:50:02 [+0100], Andreas Cadhalpun wrote:
> Hi,
Hi,
> Indeed, it works for most, so I'm reducing the severity.
thanks.
> I can reproduce this in a minimal jessie chroot with:
> # apt install clamav-base
> # apt remove clamav-base
> # apt install clamav-base
Hah. How so? After my r
Hi Sebastian,
On 16.01.2015 21:45, Sebastian Andrzej Siewior wrote:
On 2015-01-15 23:50:02 [+0100], Andreas Cadhalpun wrote:
I can reproduce this in a minimal jessie chroot with:
# apt install clamav-base
# apt remove clamav-base
# apt install clamav-base
Hah. How so? After my remove, "/var/l
On 2015-01-16 21:45:35 [+0100], Sebastian Andrzej Siewior wrote:
> > I can reproduce this in a minimal jessie chroot with:
> > # apt install clamav-base
> > # apt remove clamav-base
> > # apt install clamav-base
>
> Hah. How so? After my remove, "/var/lib/clamav/" was still owned by
> clamav:clama
On Fri, Jan 16, 2015 at 11:59:23PM +0100, Andreas Cadhalpun wrote:
> Hi Sebastian,
Hi Andreas,
> The directory /var/lib/clamav is only removed by dpkg if it is empty.
I just learned that…
> Debconf can only be used to change under which user clamd is run.
> The dbowner is hardcoded to clamav in c