Bug 197300 - archivers/unzip: Port should be marked vulnerable to CVE-2014-9636
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: Xin LI
Reported: 2015-02-03 20:41 UTC by rsimmons0
Modified: 2015-02-03 22:46 UTC
bugzilla: maintainer-feedback? (ehaupt)


Attachments
patch for CVE-2014-9636 (1.76 KB, text/plain)
2015-02-03 20:41 UTC, rsimmons0

Description rsimmons0 2015-02-03 20:41:54 UTC
Created attachment 152529
patch for CVE-2014-9636

The port archivers/unzip is vulnerable to CVE-2014-9636. Further information is here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9636
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9636.html

Here is the patch from upstream:
http://www.info-zip.org/phpBB3/download/file.php?id=95&sid=95e98be32f791909977347bca032d3bc

I have merged this patch with the previous extract.c patch into one. Attached is a patch that fixes the port.

The message attached to the patch above is:

=================

From a9bfab5b52d08879bbc5e0991684b700127ddcff Mon Sep 17 00:00:00 2001
From: mancha <mancha1 AT zoho DOT com>
Date: Mon, 3 Nov 2014
Subject: Info-ZIP UnZip buffer overflow

By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.

This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.
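
The size-agreement rule described in the patch message above, as an added C example that is not the upstream patch or any code from the port. The block layout (4-byte little-endian uncompressed size, 2-byte method, payload) and all names such as `eb_extract` are simplifying assumptions, not Info-ZIP's actual extra-field structure.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define METHOD_STORED 0  /* ZIP method 0: data kept as-is, no compression */
#define BLK_HDR_LEN   6  /* assumed layout: [ucsize:4 LE][method:2 LE][payload] */

enum eb_status { EB_OK, EB_TRUNCATED, EB_SIZE_MISMATCH, EB_UNSUPPORTED, EB_NOMEM };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unpack one block. On EB_OK, *out is a malloc'd buffer of *out_len bytes
 * that the caller frees; on any error *out stays NULL. */
enum eb_status eb_extract(const uint8_t *blk, size_t blk_len,
                          uint8_t **out, size_t *out_len) {
    *out = NULL;
    *out_len = 0;
    if (blk_len < BLK_HDR_LEN) return EB_TRUNCATED;
    uint32_t ucsize = rd_le32(blk);                 /* size the block claims */
    unsigned method = blk[4] | (unsigned)blk[5] << 8;
    size_t stored_len = blk_len - BLK_HDR_LEN;      /* bytes actually present */
    if (method != METHOD_STORED) return EB_UNSUPPORTED; /* inflate not modelled */
    /* STORED means no compression, so both sizes must agree. Without this
     * check the copy below writes stored_len bytes into a ucsize-byte buffer. */
    if (stored_len != ucsize) return EB_SIZE_MISMATCH;
    uint8_t *buf = malloc(ucsize ? ucsize : 1);
    if (buf == NULL) return EB_NOMEM;
    memcpy(buf, blk + BLK_HDR_LEN, stored_len);
    *out = buf;
    *out_len = stored_len;
    return EB_OK;
}

/* Constructed samples: one consistent block, one claiming 2 bytes but holding 8. */
static const uint8_t good_blk[] = { 4,0,0,0, 0,0, 'd','a','t','a' };
static const uint8_t bad_blk[]  = { 2,0,0,0, 0,0, 'A','A','A','A','A','A','A','A' };

int main(void) {
    uint8_t *out; size_t n;
    printf("good: %d\n", eb_extract(good_blk, sizeof good_blk, &out, &n));
    free(out);
    printf("bad:  %d\n", eb_extract(bad_blk, sizeof bad_blk, &out, &n));
    return 0;
}
```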
Comment 1 Bugzilla Automation freebsd_committer freebsd_triage 2015-02-03 20:41:54 UTC
Auto-assigned to maintainer ehaupt@FreeBSD.org
Comment 2 commit-hook freebsd_committer freebsd_triage 2015-02-03 22:35:44 UTC
A commit references this bug:

Author: delphij
Date: Tue Feb  3 22:35:07 UTC 2015
New revision: 378381
URL: https://svnweb.freebsd.org/changeset/ports/378381

Log:
  Document unzip out of boundary access issues in test_compr_eb.

  PR:		ports/197300

Changes:
  head/security/vuxml/vuln.xml
Comment 3 Xin LI freebsd_committer freebsd_triage 2015-02-03 22:38:44 UTC
Committed, thanks!
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-02-03 22:38:46 UTC
A commit references this bug:

Author: delphij
Date: Tue Feb  3 22:37:46 UTC 2015
New revision: 378382
URL: https://svnweb.freebsd.org/changeset/ports/378382

Log:
  Apply Debian patch for CVE-2014-9636 which fixes out of
  boundary access issue in test_compr_eb.

  PR:		ports/197300
  Submitted by:	Robert Simmons <rsimmons0 gmail com>
  Approved by:	so
  Security:	e543c6f8-abf2-11e4-8ac7-d050992ecde8
  MFH:		2015Q1

Changes:
  head/archivers/unzip/Makefile
  head/archivers/unzip/files/patch-extract.c
Comment 5 commit-hook freebsd_committer freebsd_triage 2015-02-03 22:46:48 UTC
A commit references this bug:

Author: delphij
Date: Tue Feb  3 22:46:14 UTC 2015
New revision: 378383
URL: https://svnweb.freebsd.org/changeset/ports/378383

Log:
  MFH: r378382

  Apply Debian patch for CVE-2014-9636 which fixes out of
  boundary access issue in test_compr_eb.

  PR:		ports/197300
  Submitted by:	Robert Simmons <rsimmons0 gmail com>
  Security:	e543c6f8-abf2-11e4-8ac7-d050992ecde8
  Approved by:	ports-secteam

Changes:
_U  branches/2015Q1/
  branches/2015Q1/archivers/unzip/Makefile
  branches/2015Q1/archivers/unzip/files/patch-extract.c