ZipArchive may have attracted curiosity of Jia Tan #699

Open
Coeur opened this issue Apr 2, 2024 · 0 comments

Coeur commented Apr 2, 2024

Jia Tan, now famous for incorporating a state-sponsored backdoor into the archive tool xz, CVE-2024-3094 (CVSS score: 10.0), affecting xz 3.6.0 and 3.6.1, had forked ZipArchive in the past:
https://github.com/Jiat75/ZipArchive/

Luckily, they apparently didn't go beyond that for our project. And they apparently didn't fork minizip.

Note that xz wasn't their only target, since they also tried their hand at libarchive:
libarchive/libarchive#1609 (affecting multiple releases, fixed in libarchive 3.7.2_1)

@Coeur Coeur closed this as completed Apr 2, 2024
@Coeur Coeur changed the title ZipArchive may has a po ZipArchive may have attracted curiosity of Jiat Tan Apr 2, 2024
@Coeur Coeur reopened this Apr 2, 2024
@Coeur Coeur changed the title ZipArchive may have attracted curiosity of Jiat Tan ZipArchive may have attracted curiosity of Jia Tan Apr 2, 2024