7zip 22.01+dfsg-8+deb12u1 source package in Debian

Changelog

7zip (22.01+dfsg-8+deb12u1) bookworm; urgency=medium

  * Fix CVE-2023-52168 (buffer overflow) and CVE-2023-52169 (buffer over-read)

    * CVE-2023-52168: heap-based buffer overflow
        NTFS handler allows an attacker to overwrite two bytes at multiple
        offsets beyond the allocated buffer size.
    * CVE-2023-52169: out-of-bounds read
        NTFS handler allows an attacker to read beyond the intended buffer.
        The bytes read beyond the intended buffer are presented as a part of
        a filename listed in the file system image. This has security relevance
        in some known web-service use cases where untrusted users can upload
        files and have them extracted by a server-side 7-Zip process.

    A detailed report about these issues is available at:
    https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/

 -- YOKOTA Hiroshi <email address hidden>  Fri, 18 Oct 2024 01:45:17 +0900

Upload details

Uploaded by: YOKOTA Hiroshi
Uploaded to: Bookworm
Original maintainer: YOKOTA Hiroshi
Architectures: any
Section: misc
Urgency: Medium Urgency

Publishing

Series Pocket Published Component Section
Bookworm release main misc

Builds

Downloads

File Size SHA-256 Checksum
7zip_22.01+dfsg-8+deb12u1.dsc 1.9 KiB 1c4de3c09edbe16dcb64664eeca345800f10b2326ecbf899cb6166c1fc00042f
7zip_22.01+dfsg.orig.tar.xz 1.2 MiB 3cd3c077d24cd0fd3bfec8808d55b8cb95a3052fa92556880e2c4fa41ce8263c
7zip_22.01+dfsg-8+deb12u1.debian.tar.xz 12.1 KiB db397518db0bc29c5e113f07f07f534d36838cbf1e3a2e88996541c7f97d4010

No changes file available.

Binary packages built by this source