Publishing details

• Published on 2019-09-07

Changelog

unzip (6.0-21+deb9u2) stretch; urgency=medium

  * Fix incorrect parsing of 64-bit values in fileio.c. Closes: #929502.
  * Apply three patches by Mark Adler to fix CVE-2019-13232.
  - Fix bug in undefer_input() that misplaced the input state.
  - Detect and reject a zip bomb using overlapped entries.
    Bug discovered by David Fifield. Closes: #931433.
  - Do not raise a zip bomb alert for a misplaced central directory.
    Reported by Peter Green. Closes: #932404.

 -- Santiago Vila <email address hidden>  Mon, 05 Aug 2019 18:10:06 +0200

Builds

Package files

• unzip_6.0-21+deb9u2.debian.tar.xz (22.4 KiB)
• unzip_6.0-21+deb9u2.dsc (1.3 KiB)
• unzip_6.0.orig.tar.gz (1.3 MiB)