July 11, 2019 [Issue 20027] std.zip susceptible to zip malware attacks | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=20027 --- Comment #1 from Walter Bright <bugzilla@digitalmars.com> --- More info: https://www.vice.com/en_us/article/597vzx/the-most-clever-zip-bomb-ever-made-explodes-a-46mb-file-to-45-petabytes -- |
September 25, 2019 [Issue 20027] std.zip susceptible to zip malware attacks | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=20027 Berni <dlang@croco-puzzle.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dlang@croco-puzzle.com --- Comment #2 from Berni <dlang@croco-puzzle.com> --- Some of these rejections feel a little bit dubious. E.g. "Rejects ZIP64 version 2 (and ZIP64 version 1).". Do we want to support Zip64 or not? Same question for multiple volumes and encryption. Also, zip has been designed to contain unused data: When removing a file from an archive, it can just be deleted from the central directory. From the viewpoint of data protection this is horrible, but it's still a correct zip file that should not be rejected by std.zip in my opinion. "Rejects compression methods other than 0 (uncompressed) or 8 (deflate)." - At least 12 (bzip) might be another candidate for decompression support in my opinion. Others, like overlapping entries or invalid paths and so on, should of course be rejected. What do you think? -- |
September 27, 2019 [Issue 20027] std.zip susceptible to zip malware attacks | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=20027 Berni <dlang@croco-puzzle.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|nobody@puremagic.com |dlang@croco-puzzle.com -- |
October 07, 2019 [Issue 20027] std.zip susceptible to zip malware attacks | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=20027 berni44 <bugzilla@d-ecke.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bugzilla@d-ecke.de Assignee|dlang@croco-puzzle.com |bugzilla@d-ecke.de -- |
October 10, 2019 [Issue 20027] std.zip susceptible to zip malware attacks | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=20027 --- Comment #3 from berni44 <bugzilla@d-ecke.de> --- I moved several of these "rejects" to separate issues, grouping them thematically. I skipped issues that are already fixed, leaving here only the overlapping stuff, where I'll provide a fix in a minute. -- |
October 10, 2019 [Issue 20027] std.zip susceptible to zip malware attacks | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=20027 Dlang Bot <dlang-bot@dlang.rocks> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |pull --- Comment #4 from Dlang Bot <dlang-bot@dlang.rocks> --- @berni44 created dlang/phobos pull request #7223 "Fix issue 20027 - std.zip susceptible to zip malware attacks" fixing this issue: - Fix issue 20027 - std.zip susceptible to zip malware attacks https://github.com/dlang/phobos/pull/7223 -- |
October 10, 2019 [Issue 20027] std.zip susceptible to zip malware attacks | ||||
---|---|---|---|---|
| ||||
https://issues.dlang.org/show_bug.cgi?id=20027 Dlang Bot <dlang-bot@dlang.rocks> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #5 from Dlang Bot <dlang-bot@dlang.rocks> --- dlang/phobos pull request #7223 "Fix issue 20027 - std.zip susceptible to zip malware attacks" was merged into master: - 5f3e85025d3b9aaf5f4435b7b778b92ba26b2b79 by Bernhard Seckinger: Fix issue 20027 - std.zip susceptible to zip malware attacks https://github.com/dlang/phobos/pull/7223 -- |
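
The overlapping-entries check discussed in comments #2 and #3, as an added example in Python (not part of the thread and not the code from phobos pull request #7223): it reads the central directory, computes the byte span each entry claims, and reports entries whose spans overlap each other or the central directory, while leaving unreferenced gaps alone. The function names and both sample archives are constructed for illustration; ZIP64 and multi-volume archives are not handled.

```python
import io, struct, zipfile

EOCD = struct.Struct("<4s4H2LH")    # end-of-central-directory record, 22 bytes
CDH = struct.Struct("<4s6H3L5H2L")  # central directory header, 46 bytes
LFH = struct.Struct("<4s5H3L2H")    # local file header, 30 bytes

def entry_spans(data):
    """Return ([(start, end, name)] sorted by start, central directory offset)."""
    pos = data.rfind(b"PK\x05\x06")  # simplification: assumes no signature in the comment
    if pos < 0:
        raise ValueError("no end-of-central-directory record")
    eocd = EOCD.unpack_from(data, pos)
    count, cd_off = eocd[4], eocd[6]
    spans, p = [], cd_off
    for _ in range(count):
        f = CDH.unpack_from(data, p)
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central directory header")
        csize, nlen, xlen, clen, lho = f[8], f[10], f[11], f[12], f[16]
        name = data[p + 46:p + 46 + nlen].decode("cp437")
        l = LFH.unpack_from(data, lho)
        if l[0] != b"PK\x03\x04":
            raise ValueError("bad local file header for " + name)
        # span = local header + its own name/extra fields + compressed payload
        spans.append((lho, lho + 30 + l[9] + l[10] + csize, name))
        p += 46 + nlen + xlen + clen
    return sorted(spans), cd_off

def find_overlaps(data):
    """List (earlier, later) pairs of entries that claim the same bytes."""
    spans, cd_off = entry_spans(data)
    hits, prev_end, prev_name = [], 0, None
    for start, end, name in spans:
        if prev_name is not None and start < prev_end:
            hits.append((prev_name, name))
        if end > cd_off:
            hits.append((name, "<central directory>"))
        if end > prev_end:
            prev_end, prev_name = end, name
    return hits

def constructed_samples():
    """Constructed input: a normal archive and a copy with overlapping entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("a.txt", b"A" * 1000)
        z.writestr("b.txt", b"B" * 1000)
    good = buf.getvalue()
    bad = bytearray(good)
    second = good.rfind(b"PK\x01\x02")           # central header of b.txt
    struct.pack_into("<L", bad, second + 42, 0)  # point it at a.txt's local header
    return good, bytes(bad)
```

In the modified archive the original `b.txt` data is still present but unreferenced; the check does not flag it, only the two directory entries that resolve to the same bytes.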