Date:      Tue, 03 Feb 2015 20:41:54 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 197300] archivers/unzip: Port should be marked vulnerable to CVE-2014-9636
Message-ID:  <bug-197300-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197300

            Bug ID: 197300
           Summary: archivers/unzip: Port should be marked vulnerable to
                    CVE-2014-9636
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ehaupt@FreeBSD.org
          Reporter: rsimmons0@gmail.com
             Flags: maintainer-feedback?(ehaupt@FreeBSD.org)

Created attachment 152529
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=152529&action=edit
patch for CVE-2014-9636

The port archivers/unzip is vulnerable to CVE-2014-9636. Further information is
here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9636.html

Here is the patch from upstream:
http://www.info-zip.org/phpBB3/download/file.php?id=95&sid=95e98be32f791909977347bca032d3bc

I have merged this patch with the previous extract.c patch into one. Attached
is a patch that fixes the port.

The message attached to the patch above is:

=================

From a9bfab5b52d08879bbc5e0991684b700127ddcff Mon Sep 17 00:00:00 2001
From: mancha <mancha1 AT zoho DOT com>
Date: Mon, 3 Nov 2014
Subject: Info-ZIP UnZip buffer overflow

By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.

This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.

--- Comment #1 from Bugzilla Automation <bugzilla@FreeBSD.org> ---
Auto-assigned to maintainer ehaupt@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
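
The size check described in the commit message above, sketched as an added example; it is not code from the upstream patch or from the FreeBSD port. The block layout, the function ef_extract_stored, the constants and the sample bytes are assumptions made for illustration and do not reproduce Info-ZIP's exact extra-field format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed simplified layout (not Info-ZIP's exact one):
 * tag(2) size(2) | ucsize(4) method(2) crc(4) | data(size - 10), little-endian */
#define EF_HDR_LEN    4u
#define EF_CMPR_HDR   10u
#define METHOD_STORED 0u

enum ef_status { EF_OK, EF_TRUNCATED, EF_UNSUPPORTED, EF_SIZE_MISMATCH, EF_TOO_LARGE };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Validate one STORED block and copy its payload into out[]. */
enum ef_status ef_extract_stored(const uint8_t *ef, size_t ef_len,
                                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (ef_len < EF_HDR_LEN + EF_CMPR_HDR) return EF_TRUNCATED;
    size_t eb_size = rd16(ef + 2);
    /* The declared size must cover the sub-header and fit in the input. */
    if (eb_size < EF_CMPR_HDR || eb_size > ef_len - EF_HDR_LEN) return EF_TRUNCATED;
    uint32_t ucsize = rd32(ef + EF_HDR_LEN);
    if (rd16(ef + EF_HDR_LEN + 4) != METHOD_STORED) return EF_UNSUPPORTED;
    size_t stored_len = eb_size - EF_CMPR_HDR;
    /* The check the commit message describes: STORED means no compression,
     * so the stored byte count must equal the declared uncompressed size. */
    if (stored_len != ucsize) return EF_SIZE_MISMATCH;
    if (stored_len > out_cap) return EF_TOO_LARGE;
    memcpy(out, ef + EF_HDR_LEN + EF_CMPR_HDR, stored_len);
    *out_len = stored_len;
    return EF_OK;
}

/* Constructed samples (CRC left zero; this sketch does not verify it). */
static const uint8_t GOOD_EF[] = { 'X','X', 14,0, 4,0,0,0, 0,0, 0,0,0,0, 'A','B','C','D' };
static const uint8_t BAD_EF[]  = { 'X','X', 18,0, 4,0,0,0, 0,0, 0,0,0,0,
                                   'A','B','C','D','E','F','G','H' };

int main(void)
{
    uint8_t out[8]; size_t n = 0;
    printf("good: %d\n", ef_extract_stored(GOOD_EF, sizeof GOOD_EF, out, sizeof out, &n));
    printf("bad:  %d\n", ef_extract_stored(BAD_EF, sizeof BAD_EF, out, sizeof out, &n));
    return 0;
}
```

Rejecting the block before any copy means a buffer sized from the declared uncompressed length is never handed more stored bytes than it was allocated for.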


