Changelog for lha-1.14i-18.i386.rpm:
Sun Oct 3 14:00:00 2004 PLD Team
All persons listed below can be reached at AATTpld.org.pl
$Log: lha.spec,v $
Revision 1.27 2004/10/03 21:01:56 kloczek
- release 18,
- SECURITY FIXES: added sec patch (stolen from FC)
CAN-2004-0769
Buffer overflow in LHA allows remote attackers to execute arbitrary code
via long pathnames in LHarc format 2 headers for a .LHZ archive, as
originally demonstrated using the "x" option but also exploitable through
"l" and "v", and fixed in header.c, a different issue than CAN-2004-0771.
CAN-2004-0771, CAN-2004-0694
Buffer overflow in the extract_one function from lhext.c in LHA may allow
attackers to execute arbitrary code via a long w (working directory) command
line option, a different issue than CAN-2004-0769. NOTE: this issue may be
REJECTED if there are not any cases in which LHA is setuid or is otherwise
used across security boundaries.
CAN-2004-0745
LHA 1.14 and earlier allows attackers to execute arbitrary commands via a
directory with shell metacharacters in its name.
- added dir_length_bounds_check patch stolen from FC: fixed segmentation fault
on ia64.
Revision 1.26 2004/07/17 17:17:14 kloczek
- release 17,
- rebuild against gcc 3.4.1,
- SECURITY FIXES: added sec patch (stolen from FC)
CAN-2004-0234:
Multiple stack-based buffer overflows in the get_header function in
header.c for LHA 1.14 allow remote attackers or local users to execute
arbitrary code via long directory or file names in an LHA archive, which
triggers the overflow when testing or extracting the archive.
CAN-2004-0235:
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote
attackers or local users to create arbitrary files via an LHA archive
containing filenames with (1) .. sequences or (2) absolute pathnames
with double leading slashes ("//absolute/path").
- added malloc patch stolen from FC: fix segmentation fault on ia64.
Revision 1.25 2004/03/29 04:10:41 kloczek
- cleanups.