Accepted zziplib 0.13.56-1.1+deb7u1 (source amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 20 Jun 2017 19:03:02 +0200
Source: zziplib
Binary: zziplib-bin libzzip-0-13 libzzip-dev
Architecture: source amd64
Version: 0.13.56-1.1+deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: LIU Qi <liuqi82@gmail.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libzzip-0-13 - library providing read access on ZIP-archives - library
 libzzip-dev - library providing read access on ZIP-archives - development
 zziplib-bin - library providing read access on ZIP-archives - binaries
Changes:
 zziplib (0.13.56-1.1+deb7u1) wheezy-security; urgency=low
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-5974
     Heap-based buffer overflow in the __zzip_get32 function in fetch.c
     in zziplib allows remote attackers to cause a denial of service
     (crash) via a crafted ZIP file.
   * CVE-2017-5975
     Heap-based buffer overflow in the __zzip_get64 function in fetch.c
     in zziplib allows remote attackers to cause a denial of service
     (crash) via a crafted ZIP file.
   * CVE-2017-5976
     Heap-based buffer overflow in the zzip_mem_entry_extra_block
     function in memdisk.c in zziplib allows remote attackers to cause
     a denial of service (crash) via a crafted ZIP file.
   * CVE-2017-5978
     The zzip_mem_entry_new function in memdisk.c in zziplib allows
     remote attackers to cause a denial of service (out-of-bounds
     read and crash) via a crafted ZIP file.
   * CVE-2017-5979
     The prescan_entry function in fseeko.c in zziplib allows remote
     attackers to cause a denial of service (NULL pointer dereference
     and crash) via a crafted ZIP file.
   * CVE-2017-5980
     The zzip_mem_entry_new function in memdisk.c in zziplib allows
     remote attackers to cause a denial of service (NULL pointer
     dereference and crash) via a crafted ZIP file.
   * CVE-2017-5981
     seeko.c in zziplib allows remote attackers to cause a denial of
     service (assertion failure and crash) via a crafted ZIP file.
Files:
 2145 libs optional zziplib_0.13.56-1.1+deb7u1.dsc
 680150 libs optional zziplib_0.13.56.orig.tar.gz
 12688 libs optional zziplib_0.13.56-1.1+deb7u1.diff.gz
 41258 utils optional zziplib-bin_0.13.56-1.1+deb7u1_amd64.deb
 56400 libs optional libzzip-0-13_0.13.56-1.1+deb7u1_amd64.deb
 148026 libdevel optional libzzip-dev_0.13.56-1.1+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----