From ${URL} :
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
Reference: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
Upstream bug: https://bugzilla.clamav.net/show_bug.cgi?id=11873
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
libmspack-0.6_alpha in portage. Claims to fix CVE-2017-11423
0.6a ready for stabilization (also see 628684).
Freeing CVE-2017-11423 alias to create a tracker bug.
@ Arches, please test and mark stable: =dev-libs/libmspack-0.6_alpha
amd64 stable
x86 stable
@maintainer, please clean the vulnerable versions from the tree.
GLSA Vote: No
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7ee0e25859aa7c5ff99f760c2a7dc3d277ed16c7
commit 7ee0e25859aa7c5ff99f760c2a7dc3d277ed16c7
Author: Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-22 22:42:38 +0000
Commit: Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-22 22:42:57 +0000
    dev-libs/libmspack: drop vulnerable
    Bug: https://bugs.gentoo.org/625634
    Package-Manager: Portage-2.3.31, Repoman-2.3.9
 dev-libs/libmspack/Manifest | 1 -
 dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild | 50 ------------------------
 dev-libs/libmspack/libmspack-0.5_alpha.ebuild | 46 ----------------------
 3 files changed, 97 deletions(-)