[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] new unzip issues

Moritz Muehlenhoff jmm at debian.org
Wed Feb 7 15:59:31 UTC 2018 

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
739fc983 by Moritz Muehlenhoff at 2018-02-07T16:59:13+01:00
new unzip issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -622,16 +622,26 @@ CVE-2018-1000037
 	RESERVED
 CVE-2018-1000036
 	RESERVED
-CVE-2018-1000035
+CVE-2018-1000035 [Heap-based buffer overflow in password protected ZIP archives]
 	RESERVED
-CVE-2018-1000034
+	- unzip <unfixed>
+	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
+CVE-2018-1000034 [Multiple vulnerabilities in the LZMA compression algorithm]
 	RESERVED
-CVE-2018-1000033
+	- unzip <not-affected> (Only affects 6.1c22)
+	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
+CVE-2018-1000033 [Heap out-of-bounds access in ef_scan_for_stream]
 	RESERVED
-CVE-2018-1000032
+	- unzip <not-affected> (Only affects 6.1c22)
+	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
+CVE-2018-1000032 [Heap/BSS-based buffer overflow]
 	RESERVED
-CVE-2018-1000031
+	- unzip <not-affected> (Only affects 6.1c22)
+	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
+CVE-2018-1000031 [Heap-based out-of-bounds write]
 	RESERVED
+	- unzip <not-affected> (Only affects 6.1c22)
+	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
 CVE-2017-18123 (The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e ...)
 	{DLA-1269-1}
 	- dokuwiki <unfixed> (bug #889281)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/739fc983b50df4b1e53a244467b7a635f7b348ea

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/739fc983b50df4b1e53a244467b7a635f7b348ea
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180207/22391b27/attachment.html>

More information about the Secure-testing-commits mailing list