author: Nico Golde <nion@debian.org> 2007-09-03 21:56:41 +0000
committer: Nico Golde <nion@debian.org> 2007-09-03 21:56:41 +0000
commit: cd63d1201f5ec8c4cdb285b22d166e258f459a1c
tree: ffd9f63d1fb1ab07397af52a07bffdd181fe70f1 /data/DTSA/advs
parent: 1873418dc492ff77eb34882444b08185adf70abb
advisory file for zziplib
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6485 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA/advs')
-rw-r--r-- data/DTSA/advs/56-zziplib.adv 23
1 files changed, 23 insertions, 0 deletions
diff --git a/data/DTSA/advs/56-zziplib.adv b/data/DTSA/advs/56-zziplib.adv
new file mode 100644
index 0000000000..4f04836995
--- /dev/null
+++ b/data/DTSA/advs/56-zziplib.adv
@@ -0,0 +1,23 @@
+source: centerim
+date: September 4st , 2007
+author: Nico Golde
+vuln-type: buffer overflow
+problem-scope: remote
+debian-specifc: no
+cve: CVE-2007-1614
+vendor-advisory:
+testing-fix: 0.12.83-8lenny1
+sid-fix: 0.13.49-0
+upgrade: apt-get upgrade
+
+The zziplib library is prone to a stack-based buffer overflow
+which might allow remote attackers to execute arbitrary code
+or denial of service (application crash) via a long file name.
+
+CVE-2007-1614
+
+Stack-based buffer overflow in the zzip_open_shared_io function
+in zzip/file.c in ZZIPlib Library before 0.13.49 allows
+user-assisted remote attackers to cause a denial of service
+(application crash) or execute arbitrary code via a long
+filename.
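
Review bot: the `source:` field on the first added line reads `centerim`, but the file is 56-zziplib.adv and the body describes zziplib, so this looks like a leftover from another advisory and should be `source: zziplib`; anything that keys the advisory to a package by this field would otherwise attribute the fix versions to the wrong source package. In the same header, `date: September 4st , 2007` should read `September 4th, 2007`, and the key `debian-specifc` is worth checking against the spelling the other .adv files and the advisory tooling use. In the summary paragraph, "execute arbitrary code or denial of service" would read correctly as "execute arbitrary code or cause a denial of service".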
