* Jakub Wilk | 2014-12-21 18:35:36 [+0100]:
>Package: cabextract
>Version: 1.4-4+b1
>Usertags: afl
>
>cabextract crashes (trying to dereference null pointed) on the attached
>crafted CAB file:
Jakub, please fill future bugs against libmspack and CC the clamav team. I
am interrested in getting thos
On 2015-01-11 16:31:30 [+], Stuart Caie wrote:
> This is an accurate summary. There are two cab files found, the second of
Sorry for the inaccurate summary.
> This is now fixed in the repository version of cabextract / libmspack. New
> releases will be made soon.
Thank you.
Are you also aware
On 11/01/2015 21:15, Sebastian Andrzej Siewior wrote:
On 2015-01-11 16:31:30 [+], Stuart Caie wrote:
This is an accurate summary. There are two cab files found, the second of
Sorry for the inaccurate summary.
No, the summary was accurate :)
Are you also aware of the two recent reports whic
On 2015-01-15 01:52:05 [+], Stuart Caie wrote:
> I am now. I've sense-checked the patch for 774726 and it passes my test
> suite, so it's now committed to the repository. I'm doing the same for
> 774725.
Great, thanks.
> >In total Jakub reported four issues.
> I thank him for it! libmspack is
On 16/01/2015 20:29, Sebastian Andrzej Siewior wrote:
Well, it looks like Jakub did not stop yet. Atleast those two do not do
not crash immediately.
- libmspack: off-by-one buffer over-read in mspack/mszipd.c
https://bugs.debian.org/775498
- libmspack: off-by-one(?) buffer under-read in msp