Summary: | <dev-libs/quazip-0.7.6: zip slip - arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | stable-bot: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/stachenov/quazip/commit/5d2fc16a1976e5bf78d2927b012f67a2ae047a98 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | dev-libs/quazip-0.7.6 | ||
Runtime testing required: | --- |
Description
Florian Schuhmacher
2018-06-20 02:20:48 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8d40e5767c67082e1f69117553766ad1a3614354

commit 8d40e5767c67082e1f69117553766ad1a3614354
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-06-20 12:22:49 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-06-20 13:03:25 +0000

dev-libs/quazip: 0.7.6 version bump, moved to GitHub

Bug: https://bugs.gentoo.org/658548
Package-Manager: Portage-2.3.40, Repoman-2.3.9

dev-libs/quazip/Manifest | 1 +
dev-libs/quazip/quazip-0.7.6.ebuild | 48 +++++++++++++++++++++++++++++++++++++
2 files changed, 49 insertions(+)

Arches, please stabilise...

amd64 stable

x86 stable

ppc64 stable

ppc stable

Last arch. Closing.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c1658bd3a1fc7f931f5a9451cb824a5bd2390278

commit c1658bd3a1fc7f931f5a9451cb824a5bd2390278
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-08-11 19:31:15 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-08-11 19:31:52 +0000

dev-libs/quazip: Cleanup vulnerable 0.7.3

Bug: https://bugs.gentoo.org/658548
Package-Manager: Portage-2.3.45, Repoman-2.3.10

dev-libs/quazip/Manifest | 1 -
dev-libs/quazip/quazip-0.7.3-r1.ebuild | 51 ----------------------------------
2 files changed, 52 deletions(-)

ping sec - sci is done here, in case you didn't notice.