Format: 1.8
Date: Sun, 07 Jul 2019 19:44:27 +0200
Source: unzip
Binary: unzip
Architecture: source amd64
Version: 6.0-16+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 unzip - De-archiver for .zip files
Changes:
 unzip (6.0-16+deb8u4) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * David Fifield discovered a way to construct non-recursive "zip bombs"
     that achieve a high compression ratio by overlapping files inside the
     zip container. However the output size increases quadratically in the
     input size, reaching a compression ratio of over 28 million
     (10 MB -> 281 TB) at the limits of the zip format which can cause a
     denial-of-service. Mark Adler provided a patch to detect and reject
     such zip files for the unzip program.
Checksums-Sha1:
 9707794b8a62e66f1a0496634ff2c8ada550e95b 1850 unzip_6.0-16+deb8u4.dsc
 e4c2c98a87b1579e6611574a07ed4d4338e734f1 19880 unzip_6.0-16+deb8u4.debian.tar.xz
 7f94a48fa756fec1d31ad9485196ebc6b2631d70 163836 unzip_6.0-16+deb8u4_amd64.deb
Checksums-Sha256:
 fd218267b9256a12ecb3165f2af7ce559d4f5877388f6bb6395b0ddffee62e7e 1850 unzip_6.0-16+deb8u4.dsc
 4806bbe3dc9a1705f2da44206fba063064cb3cd3438b256c3703f806b39179ea 19880 unzip_6.0-16+deb8u4.debian.tar.xz
 af4ffce422730eb723eb0091263392f5648ad5c4a2a6fa7c665f72a4e97976cf 163836 unzip_6.0-16+deb8u4_amd64.deb
Files:
 a210d5414946dfa3e0c43ff16e706dc9 1850 utils optional unzip_6.0-16+deb8u4.dsc
 fcb55c3625eaf5d1152676696e469eca 19880 utils optional unzip_6.0-16+deb8u4.debian.tar.xz
 1f0d137a72b896f0a15497424a2451a0 163836 utils optional unzip_6.0-16+deb8u4_amd64.deb