Univention Bugzilla – Bug 54004
libmspack: Multiple issues (4.4)
Last modified: 2021-11-03 16:43:43 CET
New Debian libmspack 0.5-1.A~4.4.8.202111011209 fixes:
This update addresses the following issues:
* heap-based buffer overflow in mspack/lzxd.c (CVE-2017-6419)
* Stack-based buffer over-read in cabd_read_string function (CVE-2017-11423)
* off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679)
* off-by-one error in the CHM chunk number validity checks (CVE-2018-14680)
* Out-of-bounds Write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681)
* off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682)
* Out-of-bounds write in mspack/cab.h (CVE-2018-18584)
* chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585)
* buffer overflow in function chmd_read_headers() (CVE-2019-1010305)
--- mirror/ftp/4.3/unmaintained/4.3-3/source/libmspack_0.5-1.A~4.3.2.201811191242.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/libmspack_0.5-1.A~4.4.8.202111011209.dsc @@ -1,6 +1,12 @@ -0.5-1.A~4.3.2.201811191242 [Mon, 19 Nov 2018 12:45:35 +0100] Univention builddaemon <buildd@univention.de>: +0.5-1.A~4.4.8.202111011209 [Mon, 01 Nov 2021 12:21:33 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. No patches were applied to the original source package + +0.5-1+deb9u4 [Sun, 31 Oct 2021 19:58:39 +0200] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2019-1010305 + Opening a crafted chm file might result in a buffer overflow. 0.5-1+deb9u3 [Fri, 26 Oct 2018 19:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: <http://piuparts.knut.univention.de/4.4-8/#2613180713693048838>
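Review bot: the only upstream entry added in this hunk is 0.5-1+deb9u4, and it names a single issue, CVE-2019-1010305, while the erratum text for this build lists nine CVEs. The other eight are not accounted for by any added line here, and the baseline on the "---" side is the 4.3-3 unmaintained build rather than a 4.4 package, so the announcement should either be checked against the older changelog entries (0.5-1+deb9u3 and earlier) to confirm those fixes are new for 4.4 users, or be trimmed to what this update changes. The deb9u4 entry also says only that a crafted chm file "might result in a buffer overflow" without naming the affected function; the erratum ties it to chmd_read_headers(), which would be worth carrying into the changelog wording for anyone auditing the package later.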
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 53b874bb48 Bug #54004: libmspack 0.5-1.A~4.4.8.202111011209
 doc/errata/staging/libmspack.yaml | 17 +++++++++-------
 1 file changed, 9 insertions(+), 8 deletions(-)

[4.4-8] ee27846ab4 Bug #54004: libmspack 0.5-1.A~4.4.8.202111011209
 doc/errata/staging/libmspack.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1084>