unzip 6.0-21+deb9u2 source package in Debian
Changelog
unzip (6.0-21+deb9u2) stretch; urgency=medium
* Fix incorrect parsing of 64-bit values in fileio.c. Closes: #929502.
* Apply three patches by Mark Adler to fix CVE-2019-13232.
- Fix bug in undefer_input() that misplaced the input state.
- Detect and reject a zip bomb using overlapped entries.
Bug discovered by David Fifield. Closes: #931433.
- Do not raise a zip bomb alert for a misplaced central directory.
Reported by Peter Green. Closes: #932404.
-- Santiago Vila <email address hidden> Mon, 05 Aug 2019 18:10:06 +0200
Upload details
- Uploaded by:
- Santiago Vila
- Uploaded to:
- Stretch
- Original maintainer:
- Santiago Vila
- Architectures:
- any
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Stretch | release | main | utils |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| unzip_6.0-21+deb9u2.dsc | 1.3 KiB | 9894c31ba2999c72e81593ba0ecb6ee621c2992071427fc790981df6d9f56605 |
| unzip_6.0.orig.tar.gz | 1.3 MiB | 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 |
| unzip_6.0-21+deb9u2.debian.tar.xz | 22.4 KiB | 8caf2e849fc90bdb22e9c338c64800c98c7179345cbce47d65c8dda4efc8942b |
No changes file available.
