AOSC-Dev / aosc-os-abbs

ABBS/ACBS tree for AOSC OS package metadata, build configuration, scripts, and patches
https://packages.aosc.io
GNU General Public License v2.0

zziplib: multiple CVEs #976

Closed l2dy closed 6 years ago

l2dy commented 6 years ago

http://www.openwall.com/lists/oss-security/2017/02/14/3 https://security-tracker.debian.org/tracker/source-package/zziplib

Some of these CVEs were resolved in 0.13.67, e.g. https://github.com/gdraheim/zziplib/commit/9e8f867a976311a3e5fb0184c947e22ec35f2fcb.

MingcongBai commented 6 years ago

Hmm... This one's quite tough to track.

MingcongBai commented 6 years ago

The majority of the vulnerabilities are still valid and not fixed, according to Debian's tracker.

l2dy commented 6 years ago

Cross-References: ASA-201801-17 ASA-201804-3

The problems have been fixed upstream in version 0.13.69.

At least some of these vulnerabilities have been fixed upstream.

MingcongBai commented 6 years ago

Fixed with https://github.com/AOSC-Dev/aosc-os-abbs/commit/c27c17f133febe8309d7b1cbc772d7c72f811d01. Closing.

l2dy commented 6 years ago

Use AOSA-2018-0157 for zziplib 0.13.69.

l2dy commented 5 years ago

Cross-References: RHSA-2018:3229-01

CVE-2018-7725 CVE-2018-7726 CVE-2018-7727