On 2018-02-02 10:46:12, Salvatore Bonaccorso wrote:
> Hi Robert,
>
> On Sun, Jan 28, 2018 at 11:09:09PM +0000, Debian Bug Tracking System wrote:
>> This is an automatic notification regarding your Bug report
>> which was filed against the p7zip package:
>>
>> #888297: p7zip: CVE-2017-17969: ZIP Shrink: Heap Buffer Overflow
> [...]
>> * Hopefully fix ZIP Shrink: Heap Buffer Overflow (CVE-2017-17969). Thanks
>> to Antoine Beaupré for the initial patch, based on upstream changes in
>> 7Zip 18.00.beta (closes: #888297).
>
> It looks the upload for unstable contained a backport of an earlier
> variant. Can you update to the most recent iteration as posted in
> https://sourceforge.net/p/p7zip/bugs/_discuss/thread/0920f369/#27d7 ?
>
> The check for cur against kNumItems is missing, not sure this can
> cause any further problem.
I concur: the original researcher explicitly sent me a patch that checks
the `cur` counter as well.
A.
--
The true revolutionary is guided by a great feeling of love.
- Ernesto "Che" Guevara
