[Secure-testing-commits] r6485 - in data/DTSA: . advs
nion at alioth.debian.org
Mon Sep 3 21:56:41 UTC 2007
Author: nion
Date: 2007-09-03 21:56:41 +0000 (Mon, 03 Sep 2007)
New Revision: 6485
Added:
data/DTSA/advs/56-zziplib.adv
Modified:
data/DTSA/list
Log:
advisory file for zziplib
Added: data/DTSA/advs/56-zziplib.adv
===================================================================
--- data/DTSA/advs/56-zziplib.adv (rev 0)
+++ data/DTSA/advs/56-zziplib.adv 2007-09-03 21:56:41 UTC (rev 6485)
@@ -0,0 +1,23 @@
+source: centerim
+date: September 4st , 2007
+author: Nico Golde
+vuln-type: buffer overflow
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-1614
+vendor-advisory:
+testing-fix: 0.12.83-8lenny1
+sid-fix: 0.13.49-0
+upgrade: apt-get upgrade
+
+The zziplib library is prone to a stack-based buffer overflow
+which might allow remote attackers to execute arbitrary code
+or denial of service (application crash) via a long file name.
+
+CVE-2007-1614
+
+Stack-based buffer overflow in the zzip_open_shared_io function
+in zzip/file.c in ZZIPlib Library before 0.13.49 allows
+user-assisted remote attackers to cause a denial of service
+(application crash) or execute arbitrary code via a long
+filename.
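Review bot: the `source:` field on the first added line says centerim, but the file is 56-zziplib.adv and the description and the CVE-2007-1614 text are about zziplib, so the value looks carried over from the centerim advisory (DTSA-55-1) and should be `source: zziplib`. On the `date:` line, "September 4st" should be "September 4th" and there is a stray space before the comma. The key `debian-specifc` is misspelled, which matters if whatever consumes the .adv files matches on `debian-specific`. In the summary paragraph, "to execute arbitrary code or denial of service" is missing a verb ("or cause a denial of service").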
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2007-09-03 21:54:38 UTC (rev 6484)
+++ data/DTSA/list 2007-09-03 21:56:41 UTC (rev 6485)
@@ -155,3 +155,6 @@
[August 31st, 2007] DTSA-55-1 centerim - arbitrary code execution
{CVE-2007-3713}
[lenny] - centerim 4.22.1-2lenny1
+[September 4st, 2007] DTSA-56-1 zziplib - arbitrary code execution
+ {CVE-2007-1614}
+ [lenny] - zziplib 0.12.83-8lenny1
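Review bot: the date on the first added line reads "September 4st"; the ordinal should be "4th", in the same format as the "August 31st" entry above it. The package name, CVE id and lenny version (0.12.83-8lenny1) agree with the `cve:` and `testing-fix:` fields of 56-zziplib.adv, but not with that file's `source:` line, which still says centerim.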