From upstream:

* if a CAB file has a Quantum-compressed datablock with exactly 38912 compressed bytes, cabextract will write exactly one byte beyond its input buffer.

This affects both cabextract and libmspack. Fixes in cabextract 1.8 and libmspack 0.8alpha.

Also from libmspack this:

* chmextract now protects you from absolute/relative pathnames in CHM files

sounds like a directory traversal vuln.
app-arch/cabextract is currently bundling dev-libs/libmspack. We will stop bundling once https://github.com/kyz/libmspack/issues/20 is solved. Once this is done we can start stabilizing the new cabextract and libmspack versions.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=052405702013032edf4686bad9a541a737e681cc
commit 052405702013032edf4686bad9a541a737e681cc
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-11-06 02:12:11 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-11-06 02:12:28 +0000

    app-arch/cabextract: bump to v1.9

    Bug: https://bugs.gentoo.org/669280
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 app-arch/cabextract/Manifest | 1 +
 app-arch/cabextract/cabextract-1.9.ebuild | 66 +++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=222dd14d5fb355b3e521acbeccf975702875700c
commit 222dd14d5fb355b3e521acbeccf975702875700c
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-11-06 02:09:50 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-11-06 02:12:26 +0000

    dev-libs/libmspack: bump to v0.9alpha

    Bug: https://bugs.gentoo.org/669280
    Package-Manager: Portage-2.3.51, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-libs/libmspack/Manifest | 1 +
 dev-libs/libmspack/libmspack-0.9_alpha.ebuild | 73 +++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
@ Arches, please test and mark stable:

dev-libs/libmspack-0.9_alpha
app-arch/cabextract-1.9
amd64 stable
x86 stable
The MD5 code in libmspack is broken on big endian, see bug 670654.
ia64 stable
An automated check of this bug failed - the following atom is unknown:

app-arch/cabextract-1.9-r1

Please verify the atom list.
hppa/sparc stable
arm stable
ppc stable
ppc64 stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=233e443db72e91bdc5c8e7cf1af56eeb7d27373d
commit 233e443db72e91bdc5c8e7cf1af56eeb7d27373d
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-30 13:19:57 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-30 13:19:57 +0000

    dev-libs/libmspack-0.9.1_alpha-r1: alpha stable

    Bug: http://bugs.gentoo.org/669280
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 dev-libs/libmspack/libmspack-0.9.1_alpha-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=715dc38d7255b2c072ae8d7b2801780f1a5880ed
commit 715dc38d7255b2c072ae8d7b2801780f1a5880ed
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-30 13:19:57 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-30 13:19:57 +0000

    app-arch/cabextract-1.9-r2: alpha stable

    Bug: http://bugs.gentoo.org/669280
    Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

 app-arch/cabextract/cabextract-1.9-r2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
@maintainer(s), please clean vulnerable.
This issue was resolved and addressed in GLSA 201903-20 at https://security.gentoo.org/glsa/201903-20 by GLSA coordinator Aaron Bauman (b-man).
Re-opened for cleanup.
Tree is clean.