pkgsrc-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

libmspack 0.7.1 release

Hello all,

libmspack 0.7.1 has been released.

There are no bugfixes or new features. This release obfuscates one of the test files to make libmspack distribution possible.

libmspack 0.7 has been mostly unavailable for download since release.

I've investigated why, and found my ISP deletes all "virus infected" files detected by ClamAV. ClamAV finds BC.Legacy.Exploit.CVE_2012_1458-1 in the libmspack 0.7 release. This signature detects CHM files with an LZX reset interval of zero, which ClamAV and libmspack were vulnerable to six years ago.

No other CVEs shared between libmspack and ClamAV have ClamAV signatures, as far as I know. I will continue to include test files that prove old libmspack vulnerabilties are fixed. I've asked someone from ClamAV if this legacy signature can be removed.

In the meantime, in order to ensure libmspack can be released and remain available, I have obfuscated the affected test file and made a new release.

libmspack can be downloaded from

SHA256 sum:

97a970db5093e34d4f50cb8daac1feebdf14acba912144417bd3aa323fdfc47e libmspack-0.7.1alpha.tar.gz


Home | Main Index | Thread Index | Old Index