Format: 1.8
Date: Mon, 04 Mar 2019 22:43:14 +0100
Source: zziplib
Architecture: source
Version: 0.13.62-3.2
Distribution: unstable
Urgency: medium
Maintainer: Scott Howard <showard@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 889089 889096 910335 913165 923659
Changes:
 zziplib (0.13.62-3.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Invalid memory access in zzip_disk_fread (CVE-2018-6381)
     (Closes: #889096)
   * Reject the ZIP file and report it as corrupt if the size of the
     central directory and/or the offset of start of central directory
     point beyond the end of the ZIP file (CVE-2018-6484, CVE-2018-6541,
     CVE-2018-6869) (Closes: #889089)
   * bus error in zzip_disk_findfirst function in zzip/mmapped.c
     (CVE-2018-6540) (Closes: #923659)
   * out of bound read in mmapped.c:zzip_disk_fread() causes crash
     (CVE-2018-7725) (Closes: #913165)
   * Bus error in zip.c:__zzip_parse_root_directory() cause crash via
     crafted zip file (CVE-2018-7726) (Closes: #913165)
   * Memory leak triggered in the function __zzip_parse_root_directory in
     zip.c (CVE-2018-16548) (Closes: #910335)
Checksums-Sha1:
 e2ca280645d97a2ebfb615214f059f08ff3b9902 2191 zziplib_0.13.62-3.2.dsc
 1d7b30a6a71bc1fa91e331df4920c64a31bf98f4 16416 zziplib_0.13.62-3.2.debian.tar.xz
Checksums-Sha256:
 c02427dd520086d8709cbb1b691f469686a74a05aac646d51cee47b4353c15bf 2191 zziplib_0.13.62-3.2.dsc
 cbe442563e0e9c1fdb83847442ddd0be5ec72e64689e08ab3b19cabb72650d81 16416 zziplib_0.13.62-3.2.debian.tar.xz
Files:
 7cc4e8d59bc763d95e1eb9f42a7628cf 2191 libs optional zziplib_0.13.62-3.2.dsc
 08bad4fd3cad2e7b7f38ca5b621377f1 16416 libs optional zziplib_0.13.62-3.2.debian.tar.xz