Package: zoo
Version: 2.10-18
Severity: grave
Tags: security patch
Justification: user security hole

From CVE-2007-1673:
"unzoo.c allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file."

Severity grave because zoo might be used by virus scanners: zoo is suggested by amavisd-new. unzoo is recommended by clamav.

PoC exploit is at [1]
Patch for zoo is at [2]

Please mention the CVE id in the changelog.

[1] http://www.sfritsch.de/CVE-2007-1673.zoo
[2] http://archives.neohapsis.com/archives/bugtraq/2007-05/0046.html
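
The failure mode in the CVE text, as an added example that is not part of the original report or of the referenced patch: a chain walker that rejects any next-entry pointer that does not move forward, so a malformed archive cannot make it loop. The 4-byte record layout, the name walk_entries and the sample buffers are constructed for illustration and are not the real ZOO on-disk format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed, simplified layout: every entry begins with a 4-byte
 * little-endian offset of the next entry; 0 ends the chain. */
#define ENTRY_HDR 4

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk the entry chain starting at `first`.
 * Returns the number of entries, or -1 if the chain is malformed. */
long walk_entries(const uint8_t *buf, size_t len, uint32_t first) {
    uint32_t pos = first;
    long count = 0;

    while (pos != 0) {
        /* The entry header must lie fully inside the buffer. */
        if (pos > len || len - pos < ENTRY_HDR)
            return -1;
        uint32_t next = rd32le(buf + pos);
        count++;
        /* A pointer to this entry or an earlier one is what causes the
         * endless loop. Requiring strictly increasing offsets bounds the
         * walk by the buffer size, so it always terminates. */
        if (next != 0 && (uint64_t)next < (uint64_t)pos + ENTRY_HDR)
            return -1;
        pos = next;
    }
    return count;
}

/* Constructed sample: entries at 4 -> 12 -> 20 -> end. */
static const uint8_t GOOD[24] = { 0,0,0,0, 12,0,0,0, 0,0,0,0,
                                  20,0,0,0, 0,0,0,0, 0,0,0,0 };
/* Constructed sample: entries at 4 -> 12 -> back to 4. */
static const uint8_t LOOP[16] = { 0,0,0,0, 12,0,0,0, 0,0,0,0, 4,0,0,0 };

int main(void) {
    printf("good: %ld\n", walk_entries(GOOD, sizeof GOOD, 4));
    printf("loop: %ld\n", walk_entries(LOOP, sizeof LOOP, 4));
    return 0;
}
```

A format whose entries may legitimately appear out of order would need a visited-offset set or an iteration cap instead of the monotonic check.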