UbuntuUpdates.org

Package "libmspack-doc"

Name: libmspack-doc

Description:

library for Microsoft compression formats (documentation)
Latest version: 0.6-3ubuntu0.3
Release: bionic (18.04)
Level: security
Repository: main
Head package: libmspack
Homepage: https://www.cabextract.org.uk/libmspack/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libmspack-doc"

All arch deb package
APT INSTALL

Other versions of "libmspack-doc" in Bionic

Repository Area Version
base main 0.6-3
updates main 0.6-3ubuntu0.3

Changelog

Version: 0.6-3ubuntu0.3 2019-07-18 23:07:08 UTC

  libmspack (0.6-3ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010305.patch: length checks when looking
      for control files in mspack/chmd.c.
    - CVE-2019-1010305

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Jul 2019 12:06:02 -0300
Source diff to previous version
CVE-2019-1010305 libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmsp

Version: 0.6-3ubuntu0.2 2018-11-12 11:06:25 UTC

  libmspack (0.6-3ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in cab.h
    - CVE-2018-18584

 -- Alex Murray <email address hidden> Thu, 08 Nov 2018 22:45:35 +1030
Source diff to previous version
CVE-2018-18585 chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0"
CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum bloc

Version: 0.6-3ubuntu0.1 2018-08-01 20:06:57 UTC

  libmspack (0.6-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in chmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in Makefile.am,
      mspack/kwajd.c, test/kwajd_test.c and add some files
      for test propose in test_files/kwajd/f*.kwj.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in mspack/chmd.c.
    - CVE-2018-14682

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 01 Aug 2018 10:40:12 -0300
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.


About   -   Send Feedback to @ubuntu_updates