-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 11 Jul 2019 18:03:34 +0200 Source: unzip Architecture: source Version: 6.0-24 Distribution: unstable Urgency: medium Maintainer: Santiago Vila <sanvila@debian.org> Changed-By: Santiago Vila <sanvila@debian.org> Closes: 931433 Changes: unzip (6.0-24) unstable; urgency=medium . * Apply two patches by Mark Adler: - Fix bug in undefer_input() that misplaced the input state. - Detect and reject a zip bomb using overlapped entries. Closes: #931433. Bug discovered by David Fifield. For reference, this is CVE-2019-13232. Checksums-Sha1: 95b393f68128c8d0b6392f9c46068f0421745636 1344 unzip_6.0-24.dsc 4eb6b4a97af769ef197f7889050ba80d0f8d4aae 22064 unzip_6.0-24.debian.tar.xz 9f26f7bd3524b70a7ead460c7f2bb762f0ed7fe2 4862 unzip_6.0-24_source.buildinfo Checksums-Sha256: c2ae3430e7f80e3393ce654f8964a9b47a0510791f2f34e4b09d565457f62af8 1344 unzip_6.0-24.dsc f11f6c939275201f52afb578e6625e470cd372c2e55e35e3f361d245b47c4961 22064 unzip_6.0-24.debian.tar.xz 9b4963ebf7789c4e99a0310db1a5bfa67d62201d0fad32bcc2435753ae2dec8a 4862 unzip_6.0-24_source.buildinfo Files: 17529631e8f7c70ccb18256e24550ec4 1344 utils optional unzip_6.0-24.dsc 6311cf07e568328d7c85483de8cb8bf9 22064 utils optional unzip_6.0-24.debian.tar.xz b86fb35651ff11ee559c31f1ca28f664 4862 utils optional unzip_6.0-24_source.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl0nXloACgkQQc5/C58b izLHGQf8D+gHv+sk+tQS5KGByTtcTs8Z06L9ZhWiHW0DOVFdalzeYZdO9F+VjZrX iWNGwRUeFAkHvFQPnry09WLFgG+YhZvJlyA1b0bryZEyMt93XLkrhMPT54g+pbdY i7oXsZogEFnS5pcmMN9TTr7UTwx76Go0GqeN/rA/RKoDor1wmtjHKFP4BcjwkBjv 1fWU+V5m/cib4/UI5QnaL90xAtRNcCQQELEDkPrsWHRX7f8/EKG4mSlgU92Sulm9 2lqj+AlZBm7BmAxBawa3deR9z/SXTswueFMdKy2ry9ij6GgCWpDMJy/kXn8e4W9s 0obpZbFXFI4cbPChe9WfOD0iovuuuQ== =cKhs -----END PGP SIGNATURE-----