author | Nico Golde <nion@debian.org> | 2007-09-03 21:56:41 +0000 |
---|---|---|
committer | Nico Golde <nion@debian.org> | 2007-09-03 21:56:41 +0000 |
commit | cd63d1201f5ec8c4cdb285b22d166e258f459a1c (patch) | |
tree | ffd9f63d1fb1ab07397af52a07bffdd181fe70f1 /data/DTSA | |
parent | 1873418dc492ff77eb34882444b08185adf70abb (diff) |
advisory file for zziplib
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6485 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/DTSA')
-rw-r--r-- | data/DTSA/advs/56-zziplib.adv | 23 | ||||
-rw-r--r-- | data/DTSA/list | 3 |
2 files changed, 26 insertions, 0 deletions
diff --git a/data/DTSA/advs/56-zziplib.adv b/data/DTSA/advs/56-zziplib.adv new file mode 100644 index 0000000000..4f04836995 --- /dev/null +++ b/data/DTSA/advs/56-zziplib.adv @@ -0,0 +1,23 @@ +source: centerim +date: September 4st , 2007 +author: Nico Golde +vuln-type: buffer overflow +problem-scope: remote +debian-specifc: no +cve: CVE-2007-1614 +vendor-advisory: +testing-fix: 0.12.83-8lenny1 +sid-fix: 0.13.49-0 +upgrade: apt-get upgrade + +The zziplib library is prone to a stack-based buffer overflow +which might allow remote attackers to execute arbitrary code +or denial of service (application crash) via a long file name. + +CVE-2007-1614 + +Stack-based buffer overflow in the zzip_open_shared_io function +in zzip/file.c in ZZIPlib Library before 0.13.49 allows +user-assisted remote attackers to cause a denial of service +(application crash) or execute arbitrary code via a long +filename. diff --git a/data/DTSA/list b/data/DTSA/list index bb87794363..310cf11a2a 100644 --- a/data/DTSA/list +++ b/data/DTSA/list @@ -155,3 +155,6 @@ [August 31st, 2007] DTSA-55-1 centerim - arbitrary code execution {CVE-2007-3713} [lenny] - centerim 4.22.1-2lenny1 +[September 4st, 2007] DTSA-56-1 zziplib - arbitrary code execution + {CVE-2007-1614} + [lenny] - zziplib 0.12.83-8lenny1 |
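Review bot: the `source:` field at the top of data/DTSA/advs/56-zziplib.adv reads `centerim`, but the file name, the description and the CVE-2007-1614 text are all about zziplib, and the matching data/DTSA/list entry names zziplib. It looks carried over from the preceding DTSA-55-1 centerim entry and should be `source: zziplib`. Two smaller points in the same file: `date: September 4st , 2007` should read `September 4th, 2007` (wrong ordinal, stray space before the comma), and the summary sentence "execute arbitrary code or denial of service" is missing a verb ("or cause a denial of service"), which the CVE paragraph below it has. The summary also says "remote attackers" where the CVE text says "user-assisted remote attackers"; the two should agree.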
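Review bot: in the data/DTSA/list hunk the new entry is dated `[September 4st, 2007]`; the ordinal should be `4th`, in line with the format of the `[August 31st, 2007]` entry just above it. The same date string is used in the `date:` field of the new .adv file, so the two should be corrected together. The package name, CVE id and the `0.12.83-8lenny1` version in this entry agree with the advisory file.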