From ${URL} :

It was reported [1] that OOB access (both read and write) issues exist in test_compr_eb (extract.c) that can result in application crash or other unspecified impact. This vulnerability can be triggered via crafted zip archives with extra fields that advertise STORED method compression (i.e. no compression) and have uncompressed field sizes smaller than the corresponding compressed field sizes. This issue is different from CVE-2014-8140 [2]. Proposed patch is attached.

Upstream bug report: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450

[1]: http://seclists.org/oss-sec/2014/q4/1131
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-9636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9636): unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
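The condition described above (a STORED extra-field block whose advertised uncompressed size disagrees with the bytes actually present) is the kind of inconsistency a parser must reject before it allocates or copies anything. The following is an added example written for this page, not unzip's code or the attached patch; it models a simplified extra-field layout (header id, data size, 4-byte uncompressed size, 2-byte method, payload) as an assumption, and the header id 0x4141 and sample bytes are constructed. The check goes slightly beyond the specific case reported: it rejects any size disagreement for STORED, not only the "uncompressed smaller than compressed" direction.

```python
import struct
from typing import List, Tuple

STORED = 0          # ZIP method id for "no compression"
HEADER_SIZE = 4     # extra-field block header: id (2 bytes) + data size (2 bytes)
UCSIZE_LEN = 4      # assumed: 4-byte little-endian uncompressed size at data offset 0
CMPR_HEAD_LEN = 2   # assumed: 2-byte little-endian method word right after it


def parse_extra_blocks(extra: bytes) -> List[Tuple[int, bytes]]:
    """Split a ZIP extra field into (header_id, data) blocks.

    Raises ValueError when a block claims more data than the field holds,
    so a caller never indexes past the end of the buffer.
    """
    blocks = []
    pos = 0
    while pos + HEADER_SIZE <= len(extra):
        header_id, data_size = struct.unpack_from("<HH", extra, pos)
        pos += HEADER_SIZE
        if pos + data_size > len(extra):
            raise ValueError(f"extra-field block 0x{header_id:04x} is truncated")
        blocks.append((header_id, extra[pos:pos + data_size]))
        pos += data_size
    return blocks


def check_compressed_block(data: bytes) -> str:
    """Validate one block carrying a compressed payload (assumed layout:
    uncompressed size | method | payload). Returns 'ok', 'truncated' or
    'size-mismatch'; only 'ok' blocks should ever be expanded."""
    if len(data) < UCSIZE_LEN + CMPR_HEAD_LEN:
        return "truncated"                      # no room for a payload at all
    ucsize, method = struct.unpack_from("<IH", data, 0)
    payload = data[UCSIZE_LEN + CMPR_HEAD_LEN:]
    if method == STORED and len(payload) != ucsize:
        # With STORED the payload *is* the data, so the advertised size and
        # the bytes present must agree. Copying len(payload) bytes into a
        # buffer sized from ucsize is exactly the OOB access the bug reports.
        return "size-mismatch"
    return "ok"


def audit_extra_field(extra: bytes) -> List[Tuple[int, str]]:
    """Run the consistency check over every block of an extra field."""
    return [(hid, check_compressed_block(d)) for hid, d in parse_extra_blocks(extra)]


def build_block(header_id: int, ucsize: int, method: int, payload: bytes) -> bytes:
    """Helper to construct sample blocks in the assumed layout (test data only)."""
    data = struct.pack("<IH", ucsize, method) + payload
    return struct.pack("<HH", header_id, len(data)) + data


# Constructed sample inputs; 0x4141 is a made-up header id, not a registered one.
GOOD_BLOCK = build_block(0x4141, 4, STORED, b"ABCD")    # sizes agree
BAD_BLOCK = build_block(0x4141, 2, STORED, b"ABCD")     # claims 2 bytes, carries 4
SHORT_BLOCK = struct.pack("<HH", 0x4141, 3) + b"abc"    # too short for a payload


if __name__ == "__main__":
    for name, blob in (("good", GOOD_BLOCK), ("bad", BAD_BLOCK), ("short", SHORT_BLOCK)):
        print(name, audit_extra_field(blob))
```

The two-stage structure matters: parse_extra_blocks bounds every block against the enclosing buffer, and check_compressed_block bounds the payload against its own header, so neither step trusts a length it has not verified.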
There looks to be a link to the patch that was accepted upstream on the RedHat page in URL. Please take a look.
Per previous comments and links, the patch is available upstream; please bump.
Fixed w/ Debian patchset. Should be fine for stable. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f65df71cdc392f85fd95ad5b8ef1508434e2a239
This issue was resolved and addressed in GLSA 201611-01 at https://security.gentoo.org/glsa/201611-01 by GLSA coordinator Aaron Bauman (b-man).