Back to zziplib PTS page

Accepted zziplib 0.13.62-3.2 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 04 Mar 2019 22:43:14 +0100
Source: zziplib
Architecture: source
Version: 0.13.62-3.2
Distribution: unstable
Urgency: medium
Maintainer: Scott Howard <showard@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 889089 889096 910335 913165 923659
Changes:
 zziplib (0.13.62-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
   * Reject the ZIP file and report it as corrupt if the size of the central
     directory and/or the offset of start of central directory point beyond the
     end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
     (Closes: #889089)
   * bus error in zzip_disk_findfirst function in zzip/mmapped.c
     (CVE-2018-6540) (Closes: #923659)
   * out of bound read in mmapped.c:zzip_disk_fread() causes crash
     (CVE-2018-7725) (Closes: #913165)
   * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
     zip file (CVE-2018-7726) (Closes: #913165)
   * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
     (CVE-2018-16548) (Closes: #910335)
Checksums-Sha1: 
 e2ca280645d97a2ebfb615214f059f08ff3b9902 2191 zziplib_0.13.62-3.2.dsc
 1d7b30a6a71bc1fa91e331df4920c64a31bf98f4 16416 zziplib_0.13.62-3.2.debian.tar.xz
Checksums-Sha256: 
 c02427dd520086d8709cbb1b691f469686a74a05aac646d51cee47b4353c15bf 2191 zziplib_0.13.62-3.2.dsc
 cbe442563e0e9c1fdb83847442ddd0be5ec72e64689e08ab3b19cabb72650d81 16416 zziplib_0.13.62-3.2.debian.tar.xz
Files: 
 7cc4e8d59bc763d95e1eb9f42a7628cf 2191 libs optional zziplib_0.13.62-3.2.dsc
 08bad4fd3cad2e7b7f38ca5b621377f1 16416 libs optional zziplib_0.13.62-3.2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlyAS7FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ECbwQAIebRYZII6zTG+4qxbEBSb8JMZ9C27ZB
+kcie5p6ny1JpIbXKO1ubX6DGNTpcAU/DC6CgWa4xvHrWAJTqtWuh+g5Sp4Obyw7
qbUuHKX+eyrXCBuoz+wh4vGy7pKyDUVZY2aKJPPAC69go2lNnmMkwL24yN2LZLB9
3+BS+xOUPN5plXbOcgWtabS9I8WOvYoNh2vcxEjyHPtvAK7lB98berr/xaEF2PGx
iy6Dm2yKoj9O1xykaQbsHFBX3CcRR3cyb46J4HyYCmD9fdH82j6Rju3pn90/tY6u
t+d0+3e0fjyW1nO7KqAiZxBrqv9OC0XvrTMouhmw6J+w07z2YxhsRTJ07EAi9wPv
8mQC5LMnP0n6q25OhaGsNIRt4H5S1bySw29hH7Z9gpMNBXiqfuFrRvz1ILaXSZ6N
6ttDk5DXAZ+I+vrg0AQ4DHMXBicrrOg/4YE++6Hp0l/ynl1BtGQe2MU5GNxi3tMv
a1gu3rSmOLxXA98CSTJ1PAcx0BZa4YlpfDDg3+ODyjT5z8PqJgQxK+MvCAq0us4U
VgovKtAsP1+frBhdhc+SrMBHxoMr1aJIiPrU1g0S1CfXlXOQ1tmNmdoFyq1bZ8Sb
P0W3x8YIwO86wNn1AG8w/c1HM6Ifyj+kCu6ZOTuIsc9qPyVuQnffryWOeLDNshaT
PxKbNUOp/ahW
=QfJe
-----END PGP SIGNATURE-----