[ubuntu/vivid-proposed] unzip 6.0-13ubuntu1 (Accepted)
Matthias Klose
doko at ubuntu.com
Thu Dec 25 12:43:15 UTC 2014
unzip (6.0-13ubuntu1) vivid; urgency=medium
* Merge with Debian; remaining changes:
unzip (6.0-13) unstable; urgency=medium
* Apply upstream fix for three security bugs. Closes: #773722.
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
Date: Thu, 25 Dec 2014 13:34:55 +0100
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/unzip/6.0-13ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 25 Dec 2014 13:34:55 +0100
Source: unzip
Binary: unzip
Architecture: source
Version: 6.0-13ubuntu1
Distribution: vivid
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description:
unzip - De-archiver for .zip files
Closes: 773722
Changes:
unzip (6.0-13ubuntu1) vivid; urgency=medium
.
* Merge with Debian; remaining changes:
.
unzip (6.0-13) unstable; urgency=medium
.
* Apply upstream fix for three security bugs. Closes: #773722.
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
Checksums-Sha1:
430f78e1c3ee5669379d2c399371d00d06a8f218 1764 unzip_6.0-13ubuntu1.dsc
43144dadb5ffdc45f625e15777e1954632677f5f 16736 unzip_6.0-13ubuntu1.debian.tar.xz
Checksums-Sha256:
1cef6841e1b6dfd32fd101e80e71f0d56b200e6439955a8224a673643e3004ab 1764 unzip_6.0-13ubuntu1.dsc
850068b63f2508942b7ccce47939818fc225452e56034f4fd5744cae7f9db237 16736 unzip_6.0-13ubuntu1.debian.tar.xz
Files:
d8b83ba06f327d742835403bc5ee6bf3 1764 utils optional unzip_6.0-13ubuntu1.dsc
7c1385003e106d89ad9798792b593c49 16736 utils optional unzip_6.0-13ubuntu1.debian.tar.xz
Original-Maintainer: Santiago Vila <sanvila at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUnAXkAAoJEL1+qmB3j6b1bZcQAKzPvONwRdqiZrIzs99xTYC/
CoVF6p4IAxWTfdJiRI8igwDIDvzSjr+yD7X1hNY3tXcdw/3wLlWYTUipas+yI6sb
OoJuyvwV0VPJIOtWBjEuZ8m2A1c6CJHzRlEPwIcrQceiaCHOhFf922BoN2AT5o21
qRlfKqIRxZv9ud1MPc16vIELABvNVVSvEq8b7TGZnPDyE2CZJU+G4jMMibdgQBNJ
IePpVQwUYrIFXVuDGXxgCS7tDqJfrGLjFAsAVO0GNg31OPjnZ3YSEpUkrmvm00h4
kuIFCE9ceg0+LwaLfXJkhCW39K70FAwIYTnqJE/hp9E2jZEiwIcw25fDeTp6RJaV
OuYMf9NskG0qr5BVSw1AW8oTY5QrDoSlIkN2MuCUKvG+OkAlckfi8GwQcnQFcn+B
tWuvoL1Sx7qq9ELfBRDFpNTaSoJgintlggjYcGSH0zzJVnDdaoA87/9qWOe2OJLQ
eE/Pj6dI3a9zR/dr6WtaWURHpXikh478/RvbVSetjJomFenxahNBz6L7nSwdaQ1o
Za39AFBu/HguF/1hIMTGflKViucZdBUOcEmhvtKtCJR3bhNCEWw43ySPcC/cZi7U
rsgyXkIeIVIsNW7ngF4VasGhFylkF/2Smm3pdv0AbpqRV7DdSCMtLQmzTDgQbRWf
CxyzGt43sf4e8ZAO87QS
=fr4J
-----END PGP SIGNATURE-----
More information about the Vivid-changes
mailing list