Accepted zziplib 0.13.62-3+deb8u2 (source amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 28 Jun 2020 11:03:02 +0200
Source: zziplib
Binary: zziplib-bin libzzip-0-13 libzzip-dev
Architecture: source amd64
Version: 0.13.62-3+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Scott Howard <showard@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
libzzip-0-13 - library providing read access on ZIP-archives - library
libzzip-dev - library providing read access on ZIP-archives - development
zziplib-bin - library providing read access on ZIP-archives - binaries
Changes:
zziplib (0.13.62-3+deb8u2) jessie-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2018-6381
Invalid memory access in zzip_disk_fread
* CVE-2018-6484, CVE-2018-6541, CVE-2018-6869
Reject the ZIP file and report it as corrupt if the size of the central
directory and/or the offset of start of central directory point beyond the
end of the ZIP file.
* CVE-2018-6540
bus error in zzip_disk_findfirst function in zzip/mmapped.c
* CVE-2018-7725
out of bound read in mmapped.c:zzip_disk_fread() causes crash
* CVE-2018-7726
Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
zip file
* CVE-2018-16548
Memory leak triggered in the function __zzip_parse_root_directory in zip.c
Checksums-Sha1:
5a7ac613484bc781beb88dbdf997411427ce247b 2215 zziplib_0.13.62-3+deb8u2.dsc
cf8b642abd9db618324a1b98cc71492a007cd687 685770 zziplib_0.13.62.orig.tar.bz2
013ccf5ab40d1b03b5bb36b93deefb2f95af5af3 16184 zziplib_0.13.62-3+deb8u2.debian.tar.xz
a94e01eff2f62c7b8f10371edf848aad5e554dd5 41690 zziplib-bin_0.13.62-3+deb8u2_amd64.deb
d92aee4a392e9db157c54dddfe6e5fa2c6a967ce 56002 libzzip-0-13_0.13.62-3+deb8u2_amd64.deb
24c68e0b953e1f82018259d0d0cc0f7d8c09a108 112156 libzzip-dev_0.13.62-3+deb8u2_amd64.deb
Checksums-Sha256:
a2c0dcd79908e6f0a9c300490b278ea31fbc828292ebe6d6ddf8a7b55aef39fe 2215 zziplib_0.13.62-3+deb8u2.dsc
a1b8033f1a1fd6385f4820b01ee32d8eca818409235d22caf5119e0078c7525b 685770 zziplib_0.13.62.orig.tar.bz2
c8577f54786bbe7a19610dce3116a17e5f73ca39a0739e09f8964088537b3f93 16184 zziplib_0.13.62-3+deb8u2.debian.tar.xz
57cfcd33bd35559171a5fee908030d57bf0f543ed70c2d204df93c254aade770 41690 zziplib-bin_0.13.62-3+deb8u2_amd64.deb
43f972dc4c8636aa5c9a0812457ffcb0bbdbde86637a1124b20cde2351dde0fa 56002 libzzip-0-13_0.13.62-3+deb8u2_amd64.deb
b6bfc3ecac94bb3d76a5929b2abecaedeb1d8bff8fa8474f196c94073a09e12c 112156 libzzip-dev_0.13.62-3+deb8u2_amd64.deb
Files:
7a441ac1137613e882fc453539611efb 2215 libs optional zziplib_0.13.62-3+deb8u2.dsc
5fe874946390f939ee8f4abe9624b96c 685770 libs optional zziplib_0.13.62.orig.tar.bz2
512d1a08ee6f805f0d5215234ca90b72 16184 libs optional zziplib_0.13.62-3+deb8u2.debian.tar.xz
147b959500e20b6b65cf4a9b746fef5f 41690 utils optional zziplib-bin_0.13.62-3+deb8u2_amd64.deb
2a770a529ca48bd56edb5363c05943bd 56002 libs optional libzzip-0-13_0.13.62-3+deb8u2_amd64.deb
225c505e6f1a4fb910c0f0c762b98419 112156 libdevel optional libzzip-dev_0.13.62-3+deb8u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl74Z3FfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwLfD/4mTry4gY5gf4gVWoFAuzXikfNkSj5Q
R+xD3tiMoEiBkLHv3YjFviWWIZQ/lOCwtAa1cVHlAl3gdnsJHrnUEUz3zGAfwiac
3k60tEabin61Q2EcfkN0kjEDmusn/XmLIkJ7z6tl6y1DeEWnmkJTPj/G8bf36mdB
S8vuuFhw3+TtZGWBeUYr6eOgjcfrDpTDMO7zqeRAR6WGLw9WwG81+rJH1nLUbfb8
UXL/zeZBIgRBkGV5Lzuzbye39RXoVVKYJLKFqZEeZIiXoF2yW6CZf3BLm7XPrak2
U7mIQab7lgNTm76YYHH8gXURCPCc1rTb19hZQMVE6sMXUqq8zEttpN2uhcZpm6r7
yDfP0+8SvehRu0BOZ5H6s4OJf+iTqYP4UMy75I64L2xgPce8AYyNqvaOZg0v4t/C
q1CrzFooKq8AppN2c2LnNcahGqCTDOtfElyXogFcL+l7fsiOrEi4wiNKSWxEdxkh
keJEKOfzXw3komCmf3+pKXEQnNfrqIiBaId6i5USA9hgz9DPiY88l3o9T/tMX0To
GjxabazIJl/G3n4qFbd7IFdxQDSH3fue0CTBtVZUK6ySZDbbeUbF7Obs1Eb5n/M+
Ti20wKQAvw2jCKl4gSqsjV0NWZ625VfNMwuai6U/pFw3Ztr2Eb10nnVu/7SQMBKO
AH4iYWWbVBiKeg==
=xkGw
-----END PGP SIGNATURE-----