[ubuntu/bionic-updates] unzip 6.0-21ubuntu1.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Dec 16 14:58:12 UTC 2020
unzip (6.0-21ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in password protected ZIP archives
    - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
      check before allocating memory in fileio.c.
    - CVE-2018-1000035
  * SECURITY UPDATE: denial of service (resource consumption)
    - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
      in undefer_input() of fileio.c that misplaced the input state.
    - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
      Detect and reject a zip bomb using overlapped entries.
    - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
      Do not raise a zip bomb alert for a misplaced central directory.
    - CVE-2019-13232

Date: 2020-12-02 02:52:14.821331+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/unzip/6.0-21ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.