Opened 7 years ago

Closed 7 years ago

#54409 closed defect (fixed)

unzip @6.0: fix multiple CVEs

Reported by: l2dy (Zero King)
Owned by: kurthindenburg (Kurt Hindenburg)
Priority: Normal
Milestone:
Component: ports
Version:
Keywords: security
Cc:
Port: unzip

Description

From Debian patches:

09-cve-2014-8139-crc-overflow.patch
10-cve-2014-8140-test-compr-eb.patch
11-cve-2014-8141-getzip64data.patch
12-cve-2014-9636-test-compr-eb.patch
14-cve-2015-7696.patch
15-cve-2015-7697.patch
16-fix-integer-underflow-csiz-decrypted.patch
18-cve-2014-9913-unzip-buffer-overflow.patch
19-cve-2016-9844-zipinfo-buffer-overflow.patch

Change History (4)

comment:1 Changed 7 years ago by Schamschula (Marius Schamschula)

Owner: set to Schamschula
Resolution: fixed
Status: new → closed

In 7d2e2673c27b3cbbf9266dd1a4e49f77682ef33f/macports-ports:

gmt5: update to version 5.4.2

remove eprofs.de:florian as maintainer
Closes: #54392
Closes: #54409

Last edited 7 years ago by Schamschula (Marius Schamschula)

comment:2 Changed 7 years ago by Schamschula (Marius Schamschula)

Resolution: fixed
Status: closed → reopened

Accidentally closed, due to a typo.

comment:3 Changed 7 years ago by Schamschula (Marius Schamschula)

Owner: Schamschula deleted
Status: reopened → assigned

comment:4 Changed 7 years ago by kurthindenburg (Kurt Hindenburg)

Owner: set to kurthindenburg
Resolution: fixed
Status: assigned → closed

In 60ad662b8a9c1670e846e5740d97221a645d9632/macports-ports:

unzip: add Debian's patches including several fixes for CVEs

closes #54409
