204413 – archivers/unzip multiple vulnerabilities

Bug 204413 - archivers/unzip multiple vulnerabilities

Summary: archivers/unzip multiple vulnerabilities

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Emanuel Haupt

URL:
Keywords:	needs-patch, security

Depends on:
Blocks:

Reported:	2015-11-10 01:03 UTC by Sevan Janiyan
Modified:	2016-01-05 13:25 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (ehaupt)

Attachments
Patch to fix CVE-2015-7696 and CVE-2015-7697 (3.83 KB, patch) 2016-01-04 14:38 UTC, Emanuel Haupt	no flags	Details \| Diff
VuXML entry to be added (1.04 KB, text/plain) 2016-01-05 06:01 UTC, Emanuel Haupt	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sevan Janiyan 2015-11-10 01:03:39 UTC

CVE-2015-7696 CVE-2015-7697

Comment 1 Emanuel Haupt freebsd_committer

2016-01-04 14:38:40 UTC

Created attachment 165057 [details]
Patch to fix CVE-2015-7696 and CVE-2015-7697

Comment 2 Mark Felder freebsd_committer

2016-01-05 02:46:05 UTC

Emanual, let me know if you need any assistance with the vuxml entry

Comment 3 Emanuel Haupt freebsd_committer

2016-01-05 06:00:16 UTC

(In reply to Mark Felder from comment #2)
Thank you for the offer to review the VuXML entry. Bernard Spil kindly helped me with the entry (attached). I would appreciate your review.

Comment 4 Emanuel Haupt freebsd_committer

2016-01-05 06:01:17 UTC

Created attachment 165091 [details]
VuXML entry to be added

VuXML entry kindly provided by brnrd

Comment 5 commit-hook freebsd_committer

2016-01-05 13:09:24 UTC

A commit references this bug:

Author: ehaupt
Date: Tue Jan  5 13:08:35 UTC 2016
New revision: 405286
URL: https://svnweb.freebsd.org/changeset/ports/405286

Log:
  Fix multiple vulnerabilities.

  PR:		204413 (based on)
  Notified by:	venture37@geeklan.co.uk
  Security:	CVE-2015-7696, CVE-2015-7697
  MFH:		2016Q1

Changes:
  head/archivers/unzip/Makefile
  head/archivers/unzip/files/patch-crypt.c
  head/archivers/unzip/files/patch-extract.c

Comment 6 commit-hook freebsd_committer

2016-01-05 13:13:26 UTC

A commit references this bug:

Author: ehaupt
Date: Tue Jan  5 13:12:57 UTC 2016
New revision: 405287
URL: https://svnweb.freebsd.org/changeset/ports/405287

Log:
  MFH: r405286

  Fix multiple vulnerabilities.

  PR:		204413 (based on)
  Notified by:	venture37@geeklan.co.uk
  Security:	CVE-2015-7696, CVE-2015-7697
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/archivers/unzip/Makefile
  branches/2016Q1/archivers/unzip/files/patch-crypt.c
  branches/2016Q1/archivers/unzip/files/patch-extract.c