Format: 1.8
Date: Sun, 28 Jun 2020 11:03:02 +0200
Source: zziplib
Binary: zziplib-bin libzzip-0-13 libzzip-dev
Architecture: source amd64
Version: 0.13.62-3+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Scott Howard <showard@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libzzip-0-13 - library providing read access on ZIP-archives - library
 libzzip-dev - library providing read access on ZIP-archives - development
 zziplib-bin - library providing read access on ZIP-archives - binaries
Changes:
 zziplib (0.13.62-3+deb8u2) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-6381
     Invalid memory access in zzip_disk_fread
   * CVE-2018-6484, CVE-2018-6541, CVE-2018-6869
     Reject the ZIP file and report it as corrupt if the size of the
     central directory and/or the offset of start of central directory
     point beyond the end of the ZIP file.
   * CVE-2018-6540
     bus error in zzip_disk_findfirst function in zzip/mmapped.c
   * CVE-2018-7725
     out of bound read in mmapped.c:zzip_disk_fread() causes crash
   * CVE-2018-7726
     Bus error in zip.c:__zzip_parse_root_directory() cause crash via
     crafted zip file
   * CVE-2018-16548
     Memory leak triggered in the function __zzip_parse_root_directory
     in zip.c