[ubuntu/precise-security] unzip 6.0-4ubuntu2.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Oct 29 17:08:03 UTC 2015
unzip (6.0-4ubuntu2.4) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow
- debian/patches/14-cve-2015-7696: add check to crypt.c.
- CVE-2015-7696
* SECURITY UPDATE: infinite loop when extracting empty bzip2 data
- debian/patches/15-cve-2015-7697: check for empty input in extract.c.
- CVE-2015-7697
* SECURITY UPDATE: unsigned overflow on invalid input
- debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
csiz_decrypted doesn't overflow in extract.c.
- No CVE number
Date: 2015-10-29 14:39:42.517086+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list