[Git][security-tracker-team/security-tracker][master] CVE-2018-1000035: Reference patch as used in openSUSE
Salvatore Bonaccorso
carnil at debian.org
Sat Feb 9 04:35:30 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
af4d4702 by Salvatore Bonaccorso at 2019-02-09T04:34:46Z
CVE-2018-1000035: Reference patch as used in openSUSE
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -54139,6 +54139,7 @@ CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version
[jessie] - unzip <no-dsa> (Harmless crash, builds with fortified source)
[wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source)
NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
+ NOTE: Patch used in openSUSE:Factory/unzip: https://bugzilla.novell.com/attachment.cgi?id=759406
CVE-2018-1000034 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that ...)
- unzip <not-affected> (Only affects 6.1c22)
NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af4d4702c3c3feccaf62e005812f1df24bba0997
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/af4d4702c3c3feccaf62e005812f1df24bba0997
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190209/f4fba445/attachment.html>
More information about the debian-security-tracker-commits
mailing list