Attaching the used patch for reference.
Regards,
Salvatore
From: =?utf-8?q?Antoine_Beaupr=C3=A9?=
Date: Sun, 28 Jan 2018 21:19:50 +0100
Subject: backport of the CVE-2017-17969 fix from 7zip 18.00-beta
---
CPP/7zip/Compress/ShrinkDecoder.cpp | 7 ++-
1 file changed, 6 insertions(+), 1 deleti
> Since they are in two different source packages let's actually create
> two bugs.
Ah, I hadn't noticed that.
Thanks for splitting and retagging.
Processing control commands:
> tags -1 - newcomer
Bug #888297 [p7zip] p7zip: Multiple Memory Corruptions via RAR and ZIP
Removed tag(s) newcomer.
> clone -1 -2
Bug #888297 [p7zip] p7zip: Multiple Memory Corruptions via RAR and ZIP
Bug 888297 cloned as bug 888314
> retitle -1 p7zip: CVE-2017-17969:
Control: tags -1 - newcomer
Control: clone -1 -2
Control: retitle -1 p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow
Control: reassign -2 p7zip-rar
Control: retitle -2 p7zip-rar: CVE-2018-5996: Memory Corruptions via RAR PPMd
Hi
On Wed, Jan 24, 2018 at 07:45:30PM +0100, Gregor Riepl wrote
Package: p7zip
Version: 16.02+dfsg-4
Severity: grave
Tags: upstream newcomer security
Justification: user security hole
Dear Maintainer,
p7zip, p7zip-full and the non-free component p7zip-rar are affected by two
vulnerabilities:
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar
5 matches
Mail list logo
