[Bug 1208468] New: VUL-0: CVE-2023-24785: peazip: DoS via the End of Archive tag function of the peazip/pea UNPEA feature
https://bugzilla.suse.com/show_bug.cgi?id=1208468 Bug ID: 1208468 Summary: VUL-0: CVE-2023-24785: peazip: DoS via the End of Archive tag function of the peazip/pea UNPEA feature Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/357630/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: gabriele.sonnu@suse.com QA Contact: qa-bugs@suse.de CC: security-team@suse.de Found By: Security Response Team Blocker: --- An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24785 https://www.cve.org/CVERecord?id=CVE-2023-24785 https://sourceforge.net/p/peazip/tickets/734/ -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208468 Gabriele Sonnu <gabriele.sonnu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team@suse.de |pstivanin@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208468 Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208468 https://bugzilla.suse.com/show_bug.cgi?id=1208468#c3 Paolo Stivanin <pstivanin@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #3 from Paolo Stivanin <pstivanin@suse.com> --- new release is out, working on it -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208468 https://bugzilla.suse.com/show_bug.cgi?id=1208468#c4 --- Comment #4 from Paolo Stivanin <pstivanin@suse.com> --- factory sr: https://build.opensuse.org/request/show/1067896 now working on leap -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208468 https://bugzilla.suse.com/show_bug.cgi?id=1208468#c5 Paolo Stivanin <pstivanin@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #5 from Paolo Stivanin <pstivanin@suse.com> --- maintenance request for leap: https://build.opensuse.org/request/show/1067898 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208468 https://bugzilla.suse.com/show_bug.cgi?id=1208468#c6 --- Comment #6 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-SU-2023:0071-1: An update that solves one vulnerability and has one errata is now available. Category: security (moderate) Bug References: 1202690,1208468 CVE References: CVE-2023-24785 JIRA References: Sources used: openSUSE Backports SLE-15-SP4 (src): peazip-9.1.0-bp154.2.3.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com