Bug 220596 - CVE-2006-4335/7/8 multiple vulnerabilities in lha
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: lha
Version: 5
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Tomas Smetana
QA Contact:
URL: http://sourceforge.jp/projects/lha/do...
Whiteboard: impact=low,reported=20061204,public=2...
Depends On:
Blocks:
Reported: 2006-12-22 12:42 UTC by Lubomir Kundrak
Modified: 2007-11-30 22:11 UTC

Fixed In Version: 1.14i-20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-06-05 08:12:35 UTC
Type: ---
Embargoed:



Description Lubomir Kundrak 2006-12-22 12:42:01 UTC
+++ This bug was initially created as a clone of Bug #220595 +++

Description of problem:

Multiple vulnerabilities found in GNU gzip also apply to lha, namely:
CVE-2006-4335, CVE-2006-4337 and CVE-2006-4338.

Those are described in detail in
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204676

Version-Release number of selected component (if applicable):
RHEL 2.1, RHEL 3, RHEL 4 and FC 5

How reproducible:

Reproducers available for gzip do not work.

Additional info:

As it's Christmas soon, my Christmas present for you is the backported patch,
so you don't have to deal with the change of coding style between the releases :)

-- Additional comment from lkundrak on 2006-12-22 07:40 EST --
Created an attachment (id=144273)
Backported patch for releases after RHEL 2.1

Comment 1 Tomas Smetana 2007-05-31 08:33:26 UTC
The lha package is not in FC6 or newer... Changed version to FC5.

