Format: 1.8
Date: Tue, 20 Jun 2017 19:03:02 +0200
Source: zziplib
Binary: zziplib-bin libzzip-0-13 libzzip-dev
Architecture: source amd64
Version: 0.13.56-1.1+deb7u1
Distribution: wheezy-security
Urgency: low
Maintainer: LIU Qi <liuqi82@gmail.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libzzip-0-13 - library providing read access on ZIP-archives - library
 libzzip-dev - library providing read access on ZIP-archives - development
 zziplib-bin - library providing read access on ZIP-archives - binaries
Changes:
 zziplib (0.13.56-1.1+deb7u1) wheezy-security; urgency=low
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-5974
     Heap-based buffer overflow in the __zzip_get32 function in fetch.c
     in zziplib allows remote attackers to cause a denial of service
     (crash) via a crafted ZIP file.
   * CVE-2017-5975
     Heap-based buffer overflow in the __zzip_get64 function in fetch.c
     in zziplib allows remote attackers to cause a denial of service
     (crash) via a crafted ZIP file.
   * CVE-2017-5976
     Heap-based buffer overflow in the zzip_mem_entry_extra_block
     function in memdisk.c in zziplib allows remote attackers to cause
     a denial of service (crash) via a crafted ZIP file.
   * CVE-2017-5978
     The zzip_mem_entry_new function in memdisk.c in zziplib allows
     remote attackers to cause a denial of service (out-of-bounds
     read and crash) via a crafted ZIP file.
   * CVE-2017-5979
     The prescan_entry function in fseeko.c in zziplib allows remote
     attackers to cause a denial of service (NULL pointer dereference
     and crash) via a crafted ZIP file.
   * CVE-2017-5980
     The zzip_mem_entry_new function in memdisk.c in zziplib allows
     remote attackers to cause a denial of service (NULL pointer
     dereference and crash) via a crafted ZIP file.
   * CVE-2017-5981
     seeko.c in zziplib allows remote attackers to cause a denial of
     service (assertion failure and crash) via a crafted ZIP file.