[ubuntu/trusty-security] unzip 6.0-9ubuntu1.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Oct 29 17:08:04 UTC 2015
unzip (6.0-9ubuntu1.4) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow
- debian/patches/14-cve-2015-7696: add check to crypt.c.
- CVE-2015-7696
* SECURITY UPDATE: infinite loop when extracting empty bzip2 data
- debian/patches/15-cve-2015-7697: check for empty input in extract.c.
- CVE-2015-7697
* SECURITY UPDATE: unsigned overflow on invalid input
- debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
csiz_decrypted doesn't overflow in extract.c.
- No CVE number
Date: 2015-10-29 14:39:40.326508+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/unzip/6.0-9ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list