Ubuntu
unzip package

unzip 6.0-20ubuntu1.1 source package in Ubuntu

Changelog

unzip (6.0-20ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in unzip (LP: #387350)
    - debian/patches/17-cve-2014-9913-unzip-buffer-overflow: Accommodate
      printing an oversized compression method number in list.c.
    - CVE-2014-9913
  * SECURITY UPDATE: buffer overflow in zipinfo (LP: #1643750)
    - debian/patches/18-cve-2016-9844-zipinfo-buffer-overflow: Accommodate an
      oversized compression method number in zipinfo.c.
    - CVE-2016-9844
  * SECURITY UPDATE: buffer overflow in password protected ZIP archives
    - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
      check before allocating memory in fileio.c.
    - CVE-2018-1000035
  * SECURITY UPDATE: denial of service (resource consumption)
    - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
      in undefer_input() of fileio.c that misplaced the input state.
    - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
      Detect and reject a zip bomb using overlapped entries.
    - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
      Do not raise a zip bomb alert for a misplaced central directory.
    - CVE-2019-13232

 -- Avital Ostromich <email address hidden>  Wed, 25 Nov 2020 20:01:25 -0500

Upload details

Uploaded by:
Avital Ostromich
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
utils
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates main utils
Xenial security main utils

Downloads

File Size SHA-256 Checksum
unzip_6.0.orig.tar.gz 1.3 MiB 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37
unzip_6.0-20ubuntu1.1.debian.tar.xz 25.2 KiB 32ea80ffa8f300e4ed628679bf712d57da7ac22d565b21b06dbe43b0edbe136f
unzip_6.0-20ubuntu1.1.dsc 1.6 KiB 296acac5555c83b244a411c9a0a45044025b3dc24491839a9c91b4b1fdf86436

View changes file

Binary packages built by this source

unzip: De-archiver for .zip files

 InfoZIP's unzip program. With the exception of multi-volume archives
 (ie, .ZIP files that are split across several disks using PKZIP's /& option),
 this can handle any file produced either by PKZIP, or the corresponding
 InfoZIP zip program.
 .
 This version supports encryption.

unzip-dbgsym: debug symbols for package unzip

 InfoZIP's unzip program. With the exception of multi-volume archives
 (ie, .ZIP files that are split across several disks using PKZIP's /& option),
 this can handle any file produced either by PKZIP, or the corresponding
 InfoZIP zip program.
 .
 This version supports encryption.