Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code

2007-08-13 Thread Nico Golde
Hi,

please also have a look at similar bugs in the same source directory. A quick look showed two similar bugs in zzip/, however I didn't check if they are remotely exploitable.

Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text

Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code

2007-08-08 Thread Steffen Joeris
Hi

> http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
>
> Basically "zzcat $longfilename" crashes. I wouldn't have thought
> this would require a DSA.

Yes you are right, although I understood the CVE text in a different way. I will downgrade the bug to "nor

Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code

2007-08-08 Thread Steve Kemp
On Thu Aug 09, 2007 at 01:07:47 +1000, Steffen Joeris wrote:
> Package: zziplib
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Hi
>
> The following CVE[0] has been issued against zziplib.

This seems to be a low-risk, from the one page I found describing it: http:/

Bug#436701: CVE-2007-1614: DoS and execution of arbitrary code

2007-08-08 Thread Steffen Joeris
Package: zziplib
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE[0] has been issued against zziplib. The text says:

Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote att