New Update 7-Zip version 22.00 released

Zartarra said:
Contains the latest version a fix for vulnerability CVE-2022-29072?
github.com

GitHub - kagancapar/CVE-2022-29072: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. - kagancapar/CVE-2022-29072
github.com github.com
Click to expand...

I am sorry for being very late to reply, but today, I found some info about your question, looks like no fix included yet in latest version 22.00
Click to expand...
The source article below sounds harsh... I don't know what is true or partially true 🤷‍♂️
nixsanctuary.com

Boycott 7-zip: "Limited" Open Source & Security Issues

"Limited" Open Source 7-zip developed by Igor Pavlov, first release happened in far 1999. Licensed under LGPL-2.1-or-later, but one detail: you can't find the actual sources on Github, Gitlab, nor any public code hosting, only src.7z on official Sourceforge page. No history, no committers, no...
nixsanctuary.com nixsanctuary.com

www.theregister.com

About that misguided call for a 7-Zip boycott

It's good to highlight some alternatives, but security issues are overblown
www.theregister.com www.theregister.com
 
  • Like
  • +Reputation
Reactions: show-Zi, SeriousHoax, Zartarra and 2 others
silversurfer said:
I am sorry for being very late to reply, but today, I found some info about your question, looks like no fix included yet in latest version 22.00

The source article below sounds harsh... I don't know what is true or partially true 🤷‍♂️
nixsanctuary.com

Boycott 7-zip: "Limited" Open Source & Security Issues

"Limited" Open Source 7-zip developed by Igor Pavlov, first release happened in far 1999. Licensed under LGPL-2.1-or-later, but one detail: you can't find the actual sources on Github, Gitlab, nor any public code hosting, only src.7z on official Sourceforge page. No history, no committers, no...
nixsanctuary.com nixsanctuary.com

www.theregister.com

About that misguided call for a 7-Zip boycott

It's good to highlight some alternatives, but security issues are overblown
www.theregister.com www.theregister.com
Click to expand...
@silversurfer ,

Thanks for all the information.
 
  • Like
Reactions: show-Zi and silversurfer
  • Like
  • Thanks
  • +Reputation
Reactions: silversurfer, Zartarra, roger_m and 9 others
silversurfer said:
I am sorry for being very late to reply, but today, I found some info about your question, looks like no fix included yet in latest version 22.00

The source article below sounds harsh... I don't know what is true or partially true 🤷‍♂️
nixsanctuary.com

Boycott 7-zip: "Limited" Open Source & Security Issues

"Limited" Open Source 7-zip developed by Igor Pavlov, first release happened in far 1999. Licensed under LGPL-2.1-or-later, but one detail: you can't find the actual sources on Github, Gitlab, nor any public code hosting, only src.7z on official Sourceforge page. No history, no committers, no...
nixsanctuary.com nixsanctuary.com

www.theregister.com

About that misguided call for a 7-Zip boycott

It's good to highlight some alternatives, but security issues are overblown
www.theregister.com www.theregister.com
Click to expand...
That website is spreading false information however, the source of 7z is publicly available, 7-Zip - Browse Files at SourceForge.net

You can download 7z from direct links in the official website too, regardless, 7z was never packed with bundleware, always been a simple setup file that extracts 7z.

SourceForge is a legit website that developers been using for decades to share their files and sources (this was long before GitHub even existed).

CVE-2022-29072 is false and was confirmed by multiple specialists is not a real exploit (you can see it was dispusted), the guy who leaked it is pretty much known as fraud.

CVE-2018-5996 which he also claims is still an issue in 7z, was patched back in version 18 (same year exploit was revealed).

It's clear that guy is just looking to advertise PeaZip, none of his arguments pan out and is full of misinformation, this type of toxic behaviour just makes me wanna use PeaZip less.
 
Last edited:
  • Like
  • +Reputation
  • Wow
Reactions: Zartarra, roger_m and show-Zi

You may also like...