Debian Package Tracker

From: Santiago Vila <sanvila@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted unzip 6.0-23+deb10u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Mon, 12 Aug 2019 19:17:26 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 30 Jul 2019 22:26:10 +0200
Source: unzip
Architecture: source
Version: 6.0-23+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Santiago Vila <sanvila@debian.org>
Closes: 931433 932404
Changes:
 unzip (6.0-23+deb10u1) buster; urgency=medium
 .
   * Apply three patches by Mark Adler to fix CVE-2019-13232.
   - Fix bug in undefer_input() that misplaced the input state.
   - Detect and reject a zip bomb using overlapped entries.
     Bug discovered by David Fifield. Closes: #931433.
   - Do not raise a zip bomb alert for a misplaced central directory.
     Reported by Peter Green. Closes: #932404.
Checksums-Sha1:
 1b64103d9363928aac0e9443f360888cfdc5d60a 1376 unzip_6.0-23+deb10u1.dsc
 abf7de8a4018a983590ed6f5cbd990d4740f8a22 1376845 unzip_6.0.orig.tar.gz
 ffe1aa5355911b77752307dfed4d552a44d7f98d 23012 unzip_6.0-23+deb10u1.debian.tar.xz
 3adb8cb564ba981123ac73941cc4127f6542b5a4 4791 unzip_6.0-23+deb10u1_source.buildinfo
Checksums-Sha256:
 17c827fcb399d9e82bd08a7574838d95b10a335294edad6f604175dc1e7e8859 1376 unzip_6.0-23+deb10u1.dsc
 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 1376845 unzip_6.0.orig.tar.gz
 f64e87c377aea1139e2d2d6cc0ea8edb089951d28089e1e5de567a6cb715d384 23012 unzip_6.0-23+deb10u1.debian.tar.xz
 67bdc5d3984bb3fcd1e743e587cecfaa128ecf26e50e2d4b1a2c0efc8f1de92e 4791 unzip_6.0-23+deb10u1_source.buildinfo
Files:
 a63736b55b81b9f734f9b4367b11e5ce 1376 utils optional unzip_6.0-23+deb10u1.dsc
 62b490407489521db863b523a7f86375 1376845 utils optional unzip_6.0.orig.tar.gz
 355a854f70f94222c880d7061067ef77 23012 utils optional unzip_6.0-23+deb10u1.debian.tar.xz
 cdbf29fa67decf08fa7fb33c168066b5 4791 utils optional unzip_6.0-23+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl1AqHkACgkQQc5/C58b
izIZ6Qf9Fl5OztWTK0+kwSnyjL+tQeC2EjMRgYUT3H3jO+fYkdvP4qNETgqQR+sp
LFX00xx+vAMdGS6u1QnInljykjANG5dlvEoCylYeYTfvYb9YDZm/eq5bR2H3+O0F
362tmUGBrswW+os6ADxthbRIYSJVGET6Te4w0Ylbn8BDOJ1vfh7iLCZ5XuHih4eW
U9jDmqvn5Cqr1dWm3Pu50JUVYP+mT3FU/4KUCqKL02D3lD5IYGwy3+xQJf2WZy71
ybRQ48XlKFHZK6cjQM4M3SCLM5SfwZoOOjBv/lO+9rLIs4vnA89c/Y+dlpwJJA62
cpeogD3jzmlTPLOHOn8kTvb1nVjsiQ==
=c/LE
-----END PGP SIGNATURE-----

News for package unzip