Skip to content
Commits on Source (3)
CVE-2018-XXXX [Avoid returning CHM file entries that are "blank" because they have embedded null bytes]
CVE-2018-18585 [Avoid returning CHM file entries that are "blank" because they have embedded null bytes]
- libsmpack <unfixed> (bug #911637)
NOTE: https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
CVE-2018-XXXX [add anti "../" and leading slash protection to chmextract]
CVE-2018-18586 [add anti "../" and leading slash protection to chmextract]
- libsmpack <unfixed> (unimportant; bug #911639)
NOTE: https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
NOTE: https://www.openwall.com/lists/oss-security/2018/10/22/1
......@@ -10,7 +10,7 @@ CVE-2018-XXXX [add anti "../" and leading slash protection to chmextract]
NOTE: This sample code is not installed into the binary packages and was as well
NOTE: never the idea to use it in "productised" binaries, but rather just simple
NOTE: examples of the library use.
CVE-2018-XXXX [CAB block input buffer is one byte too small for maximal Quantum block]
CVE-2018-18584 [CAB block input buffer is one byte too small for maximal Quantum block]
- cabextract 1.4-5
NOTE: Starting with 1.4-5 cabextract uses the mspack system library
- libsmpack <unfixed> (bug #911640)