| Summary: | <dev-libs/libzip-1.2.0-r2: _zip_read_eocd64 function in zip_open.c in libzip mishandles EOCD records (CVE-2017-14107) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | creffett |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/ | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=628800 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | dev-libs/libzip-1.3.0 | | |
| Runtime testing required: | --- | | |
| Bug Depends on: | | | |
| Bug Blocks: | 628800 | | |

Description
D'juan McDonald (domhnall)
2017-09-01 22:28:08 UTC
1.2.0-r2 security revbump added in git commit 496ef5159327a6ec7726c0ec5ec849e16f416b7a

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

Upstream released 1.3.0, let's target that instead.

(In reply to Michael Palimaka (kensington) from comment #4)
> Upstream released 1.3.0, let's target that instead.

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

ia64 stable

amd64 stable

ppc64 stable

ppc stable

Stable on alpha.

x86 stable

@ Maintainer(s): Please cleanup!

Thanks, cleanup done in git commit b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c.

Thank you all, @Security please vote.

GLSA Vote: No