CERT-FI and CPNI published a results of their research on archiver flaws. Large set of archives in various formats (ACE, ARJ, BZ2, CAB, GZ, LHA, RAR, TAR, ZIP and ZOO) was published, along with list of affected vendors. According to the results, p7zip contained some problems, that should be fixed in upstream 4.57. However, CERT-FI/CPNI and 7-Zip pages do not seem to have further details on which formats were affected and whether those were crash-only issues or possibly some code execution issues. Fedora currently ships p7zip 4.51. References: https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html http://bugs.gentoo.org/show_bug.cgi?id=213889
p7zip-4.61-1.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/p7zip-4.61-1.fc9
p7zip-4.61-1.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/p7zip-4.61-1.fc8
p7zip-4.61-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/p7zip-4.61-1.fc10
p7zip-4.61-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
p7zip-4.61-1.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
p7zip-4.61-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
All relevant updates have been pushed to the stable updates. Closing.