UbuntuUpdates.org

Package "libmspack"

Name: libmspack

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library for Microsoft compression formats (development files)
  • library for Microsoft compression formats (documentation)
  • library for Microsoft compression formats (shared library)
Latest version: 0.6-3ubuntu0.3
Release: bionic (18.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libmspack" in Bionic

Repository Area Version
base main 0.6-3
security main 0.6-3ubuntu0.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.6-3ubuntu0.3 2019-07-19 00:07:09 UTC

  libmspack (0.6-3ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010305.patch: length checks when looking
      for control files in mspack/chmd.c.
    - CVE-2019-1010305

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Jul 2019 12:06:02 -0300
Source diff to previous version
CVE-2019-1010305 libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in libmsp

Version: 0.6-3ubuntu0.2 2018-11-12 12:06:23 UTC

  libmspack (0.6-3ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in cab.h
    - CVE-2018-18584

 -- Alex Murray <email address hidden> Thu, 08 Nov 2018 22:45:35 +1030
Source diff to previous version
CVE-2018-18585 chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0"
CVE-2018-18584 In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum bloc

Version: 0.6-3ubuntu0.1 2018-08-01 21:06:37 UTC

  libmspack (0.6-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in chmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in Makefile.am,
      mspack/kwajd.c, test/kwajd_test.c and add some files
      for test propose in test_files/kwajd/f*.kwj.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in mspack/chmd.c.
    - CVE-2018-14682

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 01 Aug 2018 10:40:12 -0300
CVE-2018-14679 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks
CVE-2018-14680 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14681 An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or tw
CVE-2018-14682 An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.


About   -   Send Feedback to @ubuntu_updates