-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 Dec 2014 20:04:35 +0100 Source: unzip Binary: unzip Architecture: source amd64 Version: 6.0-8+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Santiago Vila <sanvila@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: unzip - De-archiver for .zip files Closes: 773722 Changes: unzip (6.0-8+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Apply upstream fix for three security bugs. CVE-2014-8139: CRC32 verification heap-based overflow CVE-2014-8140: out-of-bounds write issue in test_compr_eb() CVE-2014-8141: out-of-bounds read issues in getZip64Data() (Closes: #773722) Checksums-Sha1: 750342d29f6e203b8766d8d4acaa1e85f868c950 1676 unzip_6.0-8+deb7u1.dsc abf7de8a4018a983590ed6f5cbd990d4740f8a22 1376845 unzip_6.0.orig.tar.gz efa3c8368010fb14355ed6121f1d2018a1122fec 13694 unzip_6.0-8+deb7u1.debian.tar.gz 1d0874f135b2fbeebb0d03124a3072adb8dd6d0a 194914 unzip_6.0-8+deb7u1_amd64.deb Checksums-Sha256: f38e804ae4c8e04d02f4c9d74e91c47b30a9aee048a6c41548bea2a9db4f149d 1676 unzip_6.0-8+deb7u1.dsc 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 1376845 unzip_6.0.orig.tar.gz 02aeb43c88ba38849597e03920422f9612ce8c658f558cd4b34c45b9837a6a5b 13694 unzip_6.0-8+deb7u1.debian.tar.gz 86bcc62e3f26eecdf3d102d8155471adcdf2d0c73f0387421d2c8a8effb4ba12 194914 unzip_6.0-8+deb7u1_amd64.deb Files: 6d96da722abfc94bb4bfdf96e2a71723 1676 utils optional unzip_6.0-8+deb7u1.dsc 62b490407489521db863b523a7f86375 1376845 utils optional unzip_6.0.orig.tar.gz 6d0673b9a6cc740dfb0b4fa20af5a824 13694 utils optional unzip_6.0-8+deb7u1.debian.tar.gz 9a9c10dd675f9e080a80e883cdc52f30 194914 utils optional unzip_6.0-8+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUnt0zAAoJEAVMuPMTQ89EaykP/RDih5x5tsCln5jxtb/lLewF 92LRuCxYd27S7Vn1LuB3JoYGk3VK2mpfOXJE28vdCcbiV4iLsedGiOGkIg7obMkH O7sEF4KbQXdL50v8kSVr4K5aBa/W2MZpaZGKPMWBEPh+HFOuzJ0A8WtHH4xMv7qj PMB5CpLNL0DTq3uNqBx37k8g78Ie2xqyBdhmdm2pCS4FxoKHysdtGZWBKZiCNZsl h2kJY/EKw0jMyBf5dqz7zXy6yTDpQpaQNTD0WAPkj4HCaMonSMTt7VU1jlfCTv1U ud+r/lXiIRprYr/5WygHwA/Q0bZyQVgRWt4P7OEXtzfvpYU06dUtwAw8d06+jmFR 0w0u0XVfvvIL398uzhVFZ9pncHTOCQClu0O5vXf67ZK4o2M8SIL8v7N/Sn7E6UZL ABDPrlQbteUql4taj9y6ThVj8aL49T0KK6CBDGhkncADIew+AD2kV2Zc42gqCMUX 6bo4n9UFjwiKbFDQbGOR7LlysTXYP3VgsL2ulqe8JvxsfOS9Srs8qPNhehvfmzSe JgcZkHFBR4QVj0vEEqs7UUt7knDxAbUtQ7n7Ap2G1BMdon4W39z1Y1TolJGIZWzL 7rUrAGWTb0m+f+e6qHOZgst7NqJ3w5hA+6oKoVvaxk48nsi7OYASUSLtWsKbyS64 keuJU5O3Gwwpbx+UnHCa =P+o2 -----END PGP SIGNATURE-----