[ubuntu/eoan-proposed] unzip 6.0-24ubuntu1 (Accepted)

Steve Langasek steve.langasek at ubuntu.com
Tue Jul 16 05:03:14 UTC 2019


unzip (6.0-24ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

unzip (6.0-24) unstable; urgency=medium

  * Apply two patches by Mark Adler:
  - Fix bug in undefer_input() that misplaced the input state.
  - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
    Bug discovered by David Fifield. For reference, this is CVE-2019-13232.

Date: Mon, 15 Jul 2019 22:02:02 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/unzip/6.0-24ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 15 Jul 2019 22:02:02 -0700
Source: unzip
Architecture: source
Version: 6.0-24ubuntu1
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Closes: 931433
Original-Maintainer: Santiago Vila <sanvila at debian.org>

