
List:       oss-security
Subject:    Re: [oss-security] LZW decompression issues
From:       Tavis Ormandy <taviso () cmpxchg8b ! com>
Date:       2011-09-29 15:51:00
Message-ID: 20110929155100.GP4635 () cmpxchg8b ! com

On Thu, Sep 29, 2011 at 02:50:22PM +0200, Joerg Sonnenberger wrote:
> On Thu, Sep 29, 2011 at 04:38:08AM +0400, Solar Designer wrote:
> > Hi Tavis,
> > 
> > On Wed, Sep 28, 2011 at 08:42:56PM +0200, Tavis Ormandy wrote:
> > > I believe I wrote that patch,
> > 
> > I believe you wrote a different patch, or two:
> > 
> > http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/gzip/Attic/gzip-1.3.5-google-owl-bound.diff
> > http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/gzip/Attic/gzip-1.3.5-gentoo-huft_build-return.diff
> > 
> 
> This is not about GNU (g)zip, but the NetBSD/FreeBSD tool of the same
> name. The corresponding NetBSD advisory explicitly lists GNU gzip and
> libarchive as not vulnerable.
> 
> Joerg

I see, apologies for misunderstanding.

Tavis.

-- 
-------------------------------------
taviso@cmpxchg8b.com | pgp encrypted mail preferred
-------------------------------------------------------

