libmspack 0.7.1 release

To: Stuart Caie <kyzer%cabextract.org.uk@localhost>
Subject: libmspack 0.7.1 release
From: Stuart Caie <kyzer%cabextract.org.uk@localhost>
Date: Thu, 9 Aug 2018 13:26:12 +0100

Hello all,

libmspack 0.7.1 has been released.

There are no bugfixes or new features. This release obfuscates one ofthe test files to make libmspack distribution possible.


libmspack 0.7 has been mostly unavailable for download since release.

I've investigated why, and found my ISP deletes all "virus infected"files detected by ClamAV. ClamAV finds BC.Legacy.Exploit.CVE_2012_1458-1in the libmspack 0.7 release. This signature detects CHM files with anLZX reset interval of zero, which ClamAV and libmspack were vulnerableto six years ago.

No other CVEs shared between libmspack and ClamAV have ClamAVsignatures, as far as I know. I will continue to include test files thatprove old libmspack vulnerabilties are fixed. I've asked someone fromClamAV if this legacy signature can be removed.

In the meantime, in order to ensure libmspack can be released and remainavailable, I have obfuscated the affected test file and made a new release.


libmspack can be downloaded from https://www.cabextract.org.uk/libmspack/

SHA256 sum:

97a970db5093e34d4f50cb8daac1feebdf14acba912144417bd3aa323fdfc47elibmspack-0.7.1alpha.tar.gz


Regards
Stuart

Prev by Date: Re: Patch to update lldpd to 1.0.1
Next by Date: pkgsrc on slackware: freetype2 missing windows.h
Previous by Thread: configure: error: could not determine ar interface [NetBSD-8.0]
Next by Thread: pkgsrc on slackware: freetype2 missing windows.h
Indexes:

Home | Main Index | Thread Index | Old Index