Package: unzip
Version: 6.0-10
Severity: important
Justification: buffer overflow
Control: submitter -1 Max Spring <maximilian.spr...@gmail.com>

I tried running "unzip -v replication.jar" with the attached replication.jar (it comes from WEB-INF/plugins/ in gerrit-2.8.1.war).

Expected result: A nice file listing.

Actual result:

| Archive: WEB-INF/plugins/replication.jar
| Length Method Size Cmpr Date Time CRC-32 Name
| -------- ------ ------- ---- ---------- ----- -------- ----
| 2252 Defl:N 1150 49% 2014-01-15 09:48 dc357e9e com/googlesource/gerrit/plugins/replication/SecureCredentialsProvider.class
[...]
| 1379 Defl:N 467 66% 2014-01-15 09:48 5a74228e META-INF/MANIFEST.MF
| *** buffer overflow detected ***: /usr/bin/unzip terminated
| ======= Backtrace: =========
| /lib/x86_64-linux-gnu/libc.so.6(+0x6e8ef)[0x7ffff768e8ef]
| /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffff7714b97]
| /lib/x86_64-linux-gnu/libc.so.6(+0xf3c20)[0x7ffff7713c20]
| /lib/x86_64-linux-gnu/libc.so.6(+0xf3149)[0x7ffff7713149]
| /lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x4288)[0x7ffff766a848]
| /lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x88)[0x7ffff77131d8]
| /lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7ffff771312d]
| /usr/bin/unzip[0x40f091]
| /usr/bin/unzip[0x410b0e]
| /usr/bin/unzip[0x411257]
| /usr/bin/unzip[0x403bd5]
| /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7ffff7641b45]
| /usr/bin/unzip[0x401e39]

Ideas?

From https://code.google.com/p/gerrit/issues/detail?id=2543

Thanks,
Jonathan