Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#46955 - [unzip] security issues
Attached to Project:
Arch Linux
Opened by Jens Adam (byte) - Tuesday, 03 November 2015, 03:15 GMT
Last edited by Gaetan Bisson (vesath) - Tuesday, 03 November 2015, 07:36 GMT
Opened by Jens Adam (byte) - Tuesday, 03 November 2015, 03:15 GMT
Last edited by Gaetan Bisson (vesath) - Tuesday, 03 November 2015, 07:36 GMT
|
Detailsvia https://www.debian.org/security/2015/dsa-3386
https://security-tracker.debian.org/tracker/CVE-2015-7696 - Heap buffer overflow when extracting password-protected archive https://security-tracker.debian.org/tracker/CVE-2015-7697 - Infinite loop when extracting password-protected archive Patches: https://sources.debian.net/data/main/u/unzip/6.0-19/debian/patches/14-cve-2015-7696 https://sources.debian.net/data/main/u/unzip/6.0-19/debian/patches/15-cve-2015-7697 https://sources.debian.net/data/main/u/unzip/6.0-19/debian/patches/16-fix-integer-underflow-csiz-decrypted |
This task depends upon
Closed by Gaetan Bisson (vesath)
Tuesday, 03 November 2015, 07:36 GMT
Reason for closing: Fixed
Additional comments about closing: unzip-6.0-11 in [extra]
Tuesday, 03 November 2015, 07:36 GMT
Reason for closing: Fixed
Additional comments about closing: unzip-6.0-11 in [extra]