link to heise.de:
https://www.heise.de/news/7-Zip-Luecke-ermoeglicht-Codeschmuggel-mit-manipulierten-Archiven-10083297.html
title: 7-Zip-Lücke ermöglicht Codeschmuggel mit manipulierten Archiven
just as a note
[note - TC 11.50b7] Concerning 7z integration - Did you read the current security notice for 7z?
Moderators: Hacker, petermad, Stefan2, white
Re: [note - TC 11.50b7] Concerning 7z integration - Did you read the current security notice for 7z?
The linked article mentions version 24.07
Since August, the actual version is 24.08.
As of TC 11.50b7 the 7zip files are already on this version.
Since August, the actual version is 24.08.
As of TC 11.50b7 the 7zip files are already on this version.
Windows 11 Home, Version 24H2 (OS Build 26100.4351)
TC 11.55 RC6 x64 / x86
Everything 1.5.0.1395a (x64), Everything Toolbar 1.5.5.0, Listary Pro 6.3.2.88
QAP 11.9.0.3 x64
TC 11.55 RC6 x64 / x86
Everything 1.5.0.1395a (x64), Everything Toolbar 1.5.5.0, Listary Pro 6.3.2.88
QAP 11.9.0.3 x64
-
ghisler(Author)
- Site Admin
- Posts: 50824
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
- Contact:
Re: [note - TC 11.50b7] Concerning 7z integration - Did you read the current security notice for 7z?
As I understand it, the security hole is in the ZSTD compression, which isn't used for 7-Zip archives, just for ZIP archives. For unpacking ZSTD-compressed ZIP archives, I'm not using the 7-Zip library, I use the ZSTD code from here (lastest version 1.5.6 since 11.50 beta 1):
https://github.com/facebook/zstd
They did not issue any update since March, so apparently their implementation isn't affected.
https://github.com/facebook/zstd
They did not issue any update since March, so apparently their implementation isn't affected.
Moderator message from: ghisler(Author) » 2024-11-26, 11:35 UTC
Moved to will not be changed
Author of Total Commander
https://www.ghisler.com
https://www.ghisler.com