Debian Package Tracker

From: Santiago Vila <sanvila@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted unzip 6.0-21+deb9u2 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Date: Fri, 16 Aug 2019 21:21:46 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 05 Aug 2019 18:10:06 +0200
Source: unzip
Binary: unzip
Architecture: source
Version: 6.0-21+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Santiago Vila <sanvila@debian.org>
Description:
 unzip      - De-archiver for .zip files
Closes: 929502 931433 932404
Changes:
 unzip (6.0-21+deb9u2) stretch; urgency=medium
 .
   * Fix incorrect parsing of 64-bit values in fileio.c. Closes: #929502.
   * Apply three patches by Mark Adler to fix CVE-2019-13232.
   - Fix bug in undefer_input() that misplaced the input state.
   - Detect and reject a zip bomb using overlapped entries.
     Bug discovered by David Fifield. Closes: #931433.
   - Do not raise a zip bomb alert for a misplaced central directory.
     Reported by Peter Green. Closes: #932404.
Checksums-Sha1:
 250feac3fe611302fcb96c0b597a4b00874dfb91 1372 unzip_6.0-21+deb9u2.dsc
 3cd642a92527b7503b960b07c0fa72467adae25c 22984 unzip_6.0-21+deb9u2.debian.tar.xz
 236ec5f85f1063feaf9ea242d5dcf0feea5659dc 5309 unzip_6.0-21+deb9u2_source.buildinfo
Checksums-Sha256:
 9894c31ba2999c72e81593ba0ecb6ee621c2992071427fc790981df6d9f56605 1372 unzip_6.0-21+deb9u2.dsc
 8caf2e849fc90bdb22e9c338c64800c98c7179345cbce47d65c8dda4efc8942b 22984 unzip_6.0-21+deb9u2.debian.tar.xz
 9a05f15a813eefc87be2b5002777551b57511007b65307ead9155a1897b42619 5309 unzip_6.0-21+deb9u2_source.buildinfo
Files:
 85ac33f5f6c20ab93087eaea1a1787c5 1372 utils optional unzip_6.0-21+deb9u2.dsc
 8844ec147d2e26983e966961e50e2f7f 22984 utils optional unzip_6.0-21+deb9u2.debian.tar.xz
 558d0b1400a21f96139d5ce5b87c6020 5309 utils optional unzip_6.0-21+deb9u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEyBAEBCAAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAl1IVP8ACgkQQc5/C58b
izLGrQf3fkOC0w3univaDj6fKanzOWplI9OC4YuJjE9JYCEa8n3sv4I4o0LYMlQj
brwzXe6g0EceMZDVTvRJL8qhlmBqBM1l0kCt0TsuxPedpsVi7Dy0VVcdUNfcXjDh
fwlsgcHbCBhj1J18elBNaUihcuCf12Rv0+7WD8oAVqiqvf24P8PSM1sl7jLvGwZ6
ZAzxvHk/TRwJ/OH9hbDP0x1xBoUTiQo0381axiya4HFfyDrL+nhk9ynVDa9WAC4v
LSArLoS0AjfN5jMD+ZG+5Vj9H/HjiwTezqZe1wWm40QvGG3UJoTDDx9a+nNJNIH2
Hqt69EqsNCrGDzz79gOKtwjmo4Pf
=nCYL
-----END PGP SIGNATURE-----

News for package unzip