Overview
Request 626498 superseded
- Update to version 0.7 (bsc#1103032):
* Fix 1 or 2 byte overwrite by bad KWAJ file header extensions
(CVE-2018-14681).
* Fix 1 byte overread by character U+0100 in a CHM filename
(CVE-2018-14682).
* Reject blank CHM filenames (CVE-2018-14680).
* Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks,
which could cause a crash (CVE-2018-14679).
- Created by sbrabec
- In state superseded
- Supersedes 625812
- Superseded by 644177
-
Open review for
legal-auto
-
Open review for
factory-staging
Request History
sbrabec created request
- Update to version 0.7 (bsc#1103032):
* Fix 1 or 2 byte overwrite by bad KWAJ file header extensions
(CVE-2018-14681).
* Fix 1 byte overread by character U+0100 in a CHM filename
(CVE-2018-14682).
* Reject blank CHM filenames (CVE-2018-14680).
* Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks,
which could cause a crash (CVE-2018-14679).
factory-auto declined review
Output of check script:
ERROR: Failed to download "https://www.cabextract.org.uk/libmspack/libmspack-0.7alpha.tar.gz"
Source URLs are not valid. Try "osc service localrun download_files"
factory-auto declined request
Output of check script:
ERROR: Failed to download "https://www.cabextract.org.uk/libmspack/libmspack-0.7alpha.tar.gz"
Source URLs are not valid. Try "osc service localrun download_files"
sbrabec reopened request
Please accept with the problem. According to the upstream web server maintainer, it is not intended change but a temporary problem.
factory-auto declined review
Output of check script:
ERROR: Failed to download "https://www.cabextract.org.uk/libmspack/libmspack-0.7alpha.tar.gz"
Source URLs are not valid. Try "osc service localrun download_files"
factory-auto declined request
Output of check script:
ERROR: Failed to download "https://www.cabextract.org.uk/libmspack/libmspack-0.7alpha.tar.gz"
Source URLs are not valid. Try "osc service localrun download_files"
New update fixes this problem as well.
