Format: 1.8
Date: Fri, 29 Jun 2018 12:27:57 -0400
Source: zziplib
Binary: zziplib-bin libzzip-0-13 libzzip-dev
Architecture: i386
Version: 0.13.62-3ubuntu0.16.04.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-006.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libzzip-0-13 - library providing read access on ZIP-archives - library
 libzzip-dev - library providing read access on ZIP-archives - development
 zziplib-bin - library providing read access on ZIP-archives - binaries
Changes:
 zziplib (0.13.62-3ubuntu0.16.04.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: invalid mem access in zzip_disk_fread
     - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
     - CVE-2018-6381
   * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
     - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
     - CVE-2018-6484
     - CVE-2018-6541
     - CVE-2018-6869
   * SECURITY UPDATE: bus error in zzip_disk_findfirst
     - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
     - CVE-2018-6540
   * SECURITY UPDATE: invalid memory dereference
     - debian/patches/CVE-2018-7725.patch: check zlib space in
       zzip/memdisk.c, zzip/mmapped.c.
     - CVE-2018-7725
   * SECURITY UPDATE: bus error in __zzip_parse_root_directory
     - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
       zzip/zip.c.
     - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
     - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
       zzip/zip.c.
     - CVE-2018-7726
Checksums-Sha1:
 352429587f04666e72bded9a5c1682a30a2c5e54 27814 libzzip-0-13_0.13.62-3ubuntu0.16.04.2_i386.deb
 e4d1f4abe93adfd54e8252a502bd8ce9da3cfcc4 81462 libzzip-dev_0.13.62-3ubuntu0.16.04.2_i386.deb
 98d9bcff156892303de1f6305a21a3daf2f28a0b 10210 zziplib-bin_0.13.62-3ubuntu0.16.04.2_i386.deb
Checksums-Sha256:
 385b6e2d4b3a712ccf31740b622bc6e48b06f41382935aa9e7448459f697d29f 27814 libzzip-0-13_0.13.62-3ubuntu0.16.04.2_i386.deb
 7664cf97dc1b5e507190859899c12c796d587348534fa5f811db09667dfd15f2 81462 libzzip-dev_0.13.62-3ubuntu0.16.04.2_i386.deb
 82b886590ea3e0f65ac7b1ea23542967a1aeb76db9e22778b33967ea9dbf7cad 10210 zziplib-bin_0.13.62-3ubuntu0.16.04.2_i386.deb
Files:
 92104554e97bca21fe5c77b3243997a2 27814 libs optional libzzip-0-13_0.13.62-3ubuntu0.16.04.2_i386.deb
 3b00a7b2c0ba5c36dade2c0540067666 81462 libdevel optional libzzip-dev_0.13.62-3ubuntu0.16.04.2_i386.deb
 04248b90d394ed623d60fcc8b4bfa8b2 10210 utils optional zziplib-bin_0.13.62-3ubuntu0.16.04.2_i386.deb
Original-Maintainer: Scott Howard <showard@debian.org>