[ubuntu/cosmic-proposed] zziplib 0.13.62-3.1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Jun 29 17:26:15 UTC 2018


zziplib (0.13.62-3.1ubuntu1) cosmic; urgency=medium

  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726

Date: Fri, 29 Jun 2018 11:26:58 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/zziplib/0.13.62-3.1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Jun 2018 11:26:58 -0400
Source: zziplib
Binary: zziplib-bin libzzip-0-13 libzzip-dev
Architecture: source
Version: 0.13.62-3.1ubuntu1
Distribution: cosmic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 libzzip-0-13 - library providing read access on ZIP-archives - library
 libzzip-dev - library providing read access on ZIP-archives - development
 zziplib-bin - library providing read access on ZIP-archives - binaries
Original-Maintainer: Scott Howard <showard at debian.org>


