Hi Robert,

On Sun, Jan 28, 2018 at 11:09:09PM +0000, Debian Bug Tracking System wrote:
> This is an automatic notification regarding your Bug report
> which was filed against the p7zip package:
>
> #888297: p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow
[...]
>  * Hopefully fix ZIP Shrink: Heap Buffer Overflow (CVE-2017-17969). Thanks
>    to Antoine Beaupré for the initial patch, based on upstream changes in
>    7Zip 18.00.beta (closes: #888297).

It looks like the upload for unstable contained a backport of an earlier
variant. Can you update to the most recent iteration as posted in
https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7 ?

The check for cur against kNumItems is missing, not sure this can
cause any further problem.

Regards,
Salvatore