Source: libmspack
Version: 0.5-1
Severity: important
Tags: patch security upstream

Hi

>From https://www.openwall.com/lists/oss-security/2018/10/22/1

> if a CAB file has a Quantum-compressed datablock with exactly 38912
> compressed bytes, cabextract will write exactly one byte beyond its
> input buffer.

Fix: 
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2

Regards,
Salvatore

Reply via email to