Format: 1.8
Date: Wed, 25 Nov 2020 20:01:25 -0500
Source: unzip
Binary: unzip
Architecture: armhf
Version: 6.0-20ubuntu1.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-043.buildd>
Changed-By: Avital Ostromich <avital.ostromich@canonical.com>
Description:
 unzip      - De-archiver for .zip files
Launchpad-Bugs-Fixed: 387350 1643750
Changes:
 unzip (6.0-20ubuntu1.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow in unzip (LP: #387350)
     - debian/patches/17-cve-2014-9913-unzip-buffer-overflow: Accommodate
       printing an oversized compression method number in list.c.
     - CVE-2014-9913
   * SECURITY UPDATE: buffer overflow in zipinfo (LP: #1643750)
     - debian/patches/18-cve-2016-9844-zipinfo-buffer-overflow: Accommodate an
       oversized compression method number in zipinfo.c.
     - CVE-2016-9844
   * SECURITY UPDATE: buffer overflow in password protected ZIP archives
     - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
       check before allocating memory in fileio.c.
     - CVE-2018-1000035
   * SECURITY UPDATE: denial of service (resource consumption)
     - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
       in undefer_input() of fileio.c that misplaced the input state.
     - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
       Detect and reject a zip bomb using overlapped entries.
     - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
       Do not raise a zip bomb alert for a misplaced central directory.
     - CVE-2019-13232
Checksums-Sha1:
 0376ef727210749357906891ac04056349ea7f81 70408 unzip-dbgsym_6.0-20ubuntu1.1_armhf.ddeb
 2dcd37cbe3c275258a47dcb9efecc1e7790def48 136476 unzip_6.0-20ubuntu1.1_armhf.deb
Checksums-Sha256:
 209530012e049270ec65e2889f974474a59fd011f771698774c0b7bf1814a8ad 70408 unzip-dbgsym_6.0-20ubuntu1.1_armhf.ddeb
 847b1d1a2ae52439d27802a77a52c845971aff7adf0511366e5135529d772a17 136476 unzip_6.0-20ubuntu1.1_armhf.deb
Files:
 14dabeca506c9a2dec5a72b95e5419b6 70408 utils extra unzip-dbgsym_6.0-20ubuntu1.1_armhf.ddeb
 b7d98d05281ed698922ac0b7707414ec 136476 utils optional unzip_6.0-20ubuntu1.1_armhf.deb
Original-Maintainer: Santiago Vila <sanvila@debian.org>