[Bug 1830629] Re: Errors when extracting ZIP files. It can not differentiate between files and directories
Alex Murray
alex.murray at canonical.com
Thu May 30 07:32:59 UTC 2019
Thanks for reporting this issue - this would appear to have potential
security implications, however as it is already public I see no reason
to keep this private - if a CVE were to be assigned then this could be
fixed via a security update by the security team, otherwise this would
be fixed via the normal SRU process[1]. As such, please feel free to
file a CVE request with MITRE[2] and if one is assigned, please update
this bug report with the CVE ID and we can fix it via the security team.
[1] https://wiki.ubuntu.com/StableReleaseUpdates
[2] https://cve.mitre.org/cve/request_id.html
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libarchive in Ubuntu.
https://bugs.launchpad.net/bugs/1830629
Title:
Errors when extracting ZIP files. It can not differentiate between
files and directories
Status in libarchive package in Ubuntu:
New
Bug description:
The specific version included in Ubuntu 18.04 (libarchive 3.2.2) is
the only version that presents the problem. This version has a known
problem when reading file entries in ZIP files, where it incorrectly
identifies directories and files entries.
It has been confirmed that the previous and following versions
(3.3.1+) do not have this problem and the library handles the ZIP
files correctly.
Is it possible to include a newer version of libarchive (3.3.1+) in
Bionic?
This problem is seriously affecting some of our systems.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1830629/+subscriptions
More information about the foundations-bugs
mailing list