19875 – p7zip security vulnerability CVE-2016-9296

Bug 19875 - p7zip security vulnerability CVE-2016-9296

Summary: p7zip security vulnerability CVE-2016-9296

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	https://lwn.net/Vulnerabilities/707698/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-12-01 00:55 CET by Zombie Ryushu
Modified:	2016-12-01 15:10 CET (History)
CC List:	0 users

See Also:
Source RPM:	p7zip
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Zombie Ryushu 2016-12-01 00:55:54 CET

Bug #1394790 - CVE-2016-9296 p7zip: Null pointer dereference in 7zIn.cpp
        https://bugzilla.redhat.com/show_bug.cgi?id=1394790

Comment 1 David Walser 2016-12-01 02:08:02 CET

Already fixed in p7zip-16.02-2.mga6 in Cauldron by David (we didn't file a bug for it).  He provided these references in the commit message:
  * https://sourceforge.net/p/p7zip/bugs/185/
  * https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9296

He indicated to me at the time that the version in Mageia 5 was not affected, and looking at the code myself now, that appears to be the case.  Please re-open if you have definitive information that it is affected.

We hadn't filed a bug for this one, so thanks anyway for the report.

Status: NEW => RESOLVED
Version: 5 => Cauldron
Resolution: (none) => FIXED

David Walser 2016-12-01 15:10:46 CET

URL: http://www.linuxsecurity.com/content/view/169987/102/ => https://lwn.net/Vulnerabilities/707698/

Note You need to log in before you can comment on or make changes to this bug.