** Changed in: chmlib (Ubuntu)
Status: Incomplete => Invalid
--
main inclusion report for chmlib
https://bugs.launchpad.net/bugs/236113
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists
Thank you for taking the time to report this bug and helping to make
Ubuntu better. You reported this bug a while ago and there hasn't been
any activity in it recently. We were wondering if this is still an issue
for you. Can you try with the latest Ubuntu release? Thanks in advance.
--
Can we have a detailed review, so that upstream can fix it?
--
** Changed in: chmlib (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
Initial review shows several problems:
* chm_http.c doesn't check return value of fgets()
* chm_http.c and lzx.c don't check return values of malloc (possible null
pointer dereference)
* extract_chmLib.c uses stat() resulting in TOCTOU (time of check/time of use)
vulnerability (specifically pos
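
The three defect classes named in the initial review above (unchecked fgets(), unchecked malloc(), and stat() on a path that is used afterwards), shown in their checked form. This is an added example, not chmlib code and not part of any message in this thread; `read_first_line` and its 64 KiB cap are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not chmlib code): return the first line of `path`
 * in a malloc'd buffer of `cap` bytes, or NULL on any failure. */
char *read_first_line(const char *path, size_t cap)
{
    struct stat st;
    FILE *fp;
    if (cap < 2 || cap > 65536)
        return NULL;
    /* Open first, then fstat() the descriptor: the check describes the object
     * actually held, unlike stat(path) followed by open(path), where the path
     * can be replaced in between. O_NOFOLLOW refuses a symlink as last component. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return NULL;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || !(fp = fdopen(fd, "r"))) {
        close(fd);
        return NULL;
    }
    char *buf = malloc(cap);
    /* malloc can fail, and fgets returns NULL on EOF or error, leaving the
     * buffer contents unusable; both results are checked before use. */
    if (buf == NULL || fgets(buf, (int)cap, fp) == NULL) {
        free(buf);
        buf = NULL;
    } else {
        buf[strcspn(buf, "\r\n")] = '\0';   /* strip the line terminator */
    }
    fclose(fp);                             /* also closes fd */
    return buf;
}

int main(int argc, char **argv)
{
    char *line = argc > 1 ? read_first_line(argv[1], 256) : NULL;
    int ok = line != NULL;
    puts(ok ? line : "refused, unreadable, or no path given");
    free(line);
    return ok ? 0 : 1;
}
```
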
Despite the original MIR, chmlib has had quite a few vulns in the past,
and due to its handling of HTML and integration into browsers it makes
quite a nice attack vector. Kees, Jamie, can you please give this a
deeper security review and an opinion about the general sanity of
chmlib? Thanks!
** Ch