-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 9 Nov 2005 18:05:02 +0100 Source: unzip Binary: unzip Architecture: source powerpc Version: 5.52-4 Distribution: unstable Urgency: medium Maintainer: Santiago Vila <sanvila@debian.org> Changed-By: Santiago Vila <sanvila@debian.org> Description: unzip - De-archiver for .zip files Closes: 321927 Changes: unzip (5.52-4) unstable; urgency=medium . * Fixed toctou vulnerability (Closes: #321927). Modified unix/unix.c to use fchmod() and fchown() instead of chmod() and chown() to change permissions and ownerships on the files actually created by unzip. Patch from Dan Yefimov. CAN-2005-2475. Files: c1cf7df4681cec6693027e68f45cedd8 516 utils optional unzip_5.52-4.dsc 5eef3ef776f3cf65abf803b0854f1773 8882 utils optional unzip_5.52-4.diff.gz 73f2f4108ac9349959732c27da2aa0d0 162164 utils optional unzip_5.52-4_powerpc.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDci2ad9Uuvj7yPNYRAq2CAJ9TQL3S1RG8C3Y8x2iGC05CWOwuoACffgrb USm0NR4t6fv6lxxfKpYdc6Y= =Ipxd -----END PGP SIGNATURE----- Accepted: unzip_5.52-4.diff.gz to pool/main/u/unzip/unzip_5.52-4.diff.gz unzip_5.52-4.dsc to pool/main/u/unzip/unzip_5.52-4.dsc unzip_5.52-4_powerpc.deb to pool/main/u/unzip/unzip_5.52-4_powerpc.deb