Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-2012-1162 / -1163: Incorrect loop construct and numeric overflow in libzip
From: Timo Warns <warns () pre-sense de>
Date: Thu, 29 Mar 2012 15:29:33 +0200

I just realized that only libzip 0.10 is affected by these
vulnerabilities, but not older versions of libzip.

Stefan Cornelius has identified the precise commits that introduced the

As PHP and zipruby include older versions of libzip, they are not
affected by the issues.

Cheers, Timo

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]