[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] LZW decompression issues
From: Tavis Ormandy <taviso () cmpxchg8b ! com>
Date: 2011-09-29 15:51:00
Message-ID: 20110929155100.GP4635 () cmpxchg8b ! com
[Download RAW message or body]
On Thu, Sep 29, 2011 at 02:50:22PM +0200, Joerg Sonnenberger wrote:
> On Thu, Sep 29, 2011 at 04:38:08AM +0400, Solar Designer wrote:
> > Hi Tavis,
> >
> > On Wed, Sep 28, 2011 at 08:42:56PM +0200, Tavis Ormandy wrote:
> > > I believe I wrote that patch,
> >
> > I believe you wrote a different patch, or two:
> >
> > http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/gzip/Attic/gzip-1.3.5-google-owl-bound.diff
> > http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/gzip/Attic/gzip-1.3.5-gentoo-huft_build-return.diff
> >
>
> This is not about GNU (g)zip, but the NetBSD/FreeBSD tool of the same
> name. The corresponding NetBSD advisory explicitly lists GNU gzip and
> libarchive as not vulnerable.
>
> Joerg
I see, apologies for misunderstanding.
Tavis.
--
-------------------------------------
taviso@cmpxchg8b.com | pgp encrypted mail preferred
-------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic