[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
libmspack 0.7.1 release
libmspack 0.7.1 has been released.
There are no bugfixes or new features. This release obfuscates one of
the test files to make libmspack distribution possible.
libmspack 0.7 has been mostly unavailable for download since release.
I've investigated why, and found my ISP deletes all "virus infected"
files detected by ClamAV. ClamAV finds BC.Legacy.Exploit.CVE_2012_1458-1
in the libmspack 0.7 release. This signature detects CHM files with an
LZX reset interval of zero, which ClamAV and libmspack were vulnerable
to six years ago.
No other CVEs shared between libmspack and ClamAV have ClamAV
signatures, as far as I know. I will continue to include test files that
prove old libmspack vulnerabilties are fixed. I've asked someone from
ClamAV if this legacy signature can be removed.
In the meantime, in order to ensure libmspack can be released and remain
available, I have obfuscated the affected test file and made a new release.
libmspack can be downloaded from https://www.cabextract.org.uk/libmspack/
Main Index |
Thread Index |