oss-sec mailing list archives
Re: LZW decompression issues
From: Joerg Sonnenberger <joerg () britannica bec de>
Date: Thu, 29 Sep 2011 14:50:22 +0200
On Thu, Sep 29, 2011 at 04:38:08AM +0400, Solar Designer wrote:
Hi Tavis, On Wed, Sep 28, 2011 at 08:42:56PM +0200, Tavis Ormandy wrote:I believe I wrote that patch,I believe you wrote a different patch, or two: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/gzip/Attic/gzip-1.3.5-google-owl-bound.diff http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/gzip/Attic/gzip-1.3.5-gentoo-huft_build-return.diff
This is not about GNU (g)zip, but the NetBSD/FreeBSD tool of the same name. The corresponding NetBSD advisory explicitly lists GNU gzip and libarchive as not vulnerable. Joerg
Current thread:
- LZW decompression issues Tomas Hoger (Aug 10)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Colin Percival (Sep 28)
- Re: LZW decompression issues Tomas Hoger (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Tavis Ormandy (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Tomas Hoger (Sep 29)
- Re: LZW decompression issues Tim Zingelman (Sep 29)
- Re: LZW decompression issues Joerg Sonnenberger (Sep 29)
- Re: LZW decompression issues Solar Designer (Sep 29)
- Re: LZW decompression issues Tavis Ormandy (Sep 29)
- Re: LZW decompression issues Solar Designer (Sep 28)