Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 602048 (CVE-2016-9844) - <app-arch/unzip-6.0_p21-r2: buffer overflow in ZipInfo (CVE-2016-9844)
Summary: <app-arch/unzip-6.0_p21-r2: buffer overflow in ZipInfo (CVE-2016-9844)
Status: RESOLVED FIXED
Alias: CVE-2016-9844
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-08 23:42 UTC by Ian Zimmerman
Modified: 2019-08-10 14:52 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
patch constrcuted according to the discussion on oss-security (cve-2016-9844.patch,618 bytes, patch)
2016-12-08 23:43 UTC, Ian Zimmerman
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ian Zimmerman 2016-12-08 23:42:14 UTC
According to the posting on oss-security [1]:

Alexis Vanden Eijnde has discovered a zipinfo buffer overflow...

I shall attach a patch (constructed locally because upstream has no public VCS) after I submit this report.

[1]
https://marc.info/?l=oss-security&m=148095466614279&w=2


Reproducible: Always
Comment 1 Ian Zimmerman 2016-12-08 23:43:49 UTC
Created attachment 455550 [details, diff]
patch constrcuted according to the discussion on oss-security
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-03-30 01:35:22 UTC
Patch is in the Debian patchset which Gentoo ships:

19-cve-2016-9844-zipinfo-buffer-overflow.patch
Comment 3 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-05-01 02:59:26 UTC
@base-system, please clean vulnerable