Debian Package Tracker

general

source: zziplib (main)
version: 0.13.62-3.2
maintainer: Scott Howard (DMD) (LowNMU)
arch: any
std-ver: 3.9.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.13.62-3+deb8u1
o-o-sec: 0.13.62-3+deb8u1
oldstable: 0.13.62-3.2~deb9u1
stable: 0.13.62-3.2
testing: 0.13.62-3.2
unstable: 0.13.62-3.2

versioned links

0.13.62-3+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.13.62-3.2~deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.13.62-3.2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libzzip-0-13
libzzip-dev
zziplib-bin (2 bugs: 0, 2, 0, 0)

action needed

A new upstream version is available: 0.13.68 high

A new upstream version 0.13.68 is available, you should consider packaging it.

Created: 2019-02-21 Last update: 2019-10-21 19:14

Failed to analyze the VCS repository. Please troubleshoot and fix the issue. high

vcswatch reports that there is an error with this package's VCS, or the debian/changelog file inside it. Please check the error shown below and try to fix it. You might have to update the VCS URL in the debian/control file to point to the correct repository.

fatal: repository 'https://anonscm.debian.org/git/collab-maint/zziplib.git/' not found

Created: 2017-12-03 Last update: 2019-10-21 00:38

lintian reports 6 errors and 29 warnings high

Lintian reports 6 errors and 29 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2019-08-28 Last update: 2019-10-01 04:19

Standards version of the package is outdated. high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 3.9.5).

Created: 2017-06-04 Last update: 2019-09-29 23:40

Depends on packages which need a new maintainer normal

The packages that zziplib depends on which need a new maintainer are:

dh-exec (#851746)
- Build-Depends: dh-exec

Created: 2017-12-02 Last update: 2019-10-21 19:21

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-10-21 19:05

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-10-21 19:20

8 ignored security issues in jessie low

There are 8 open security issues in jessie.

8 issues skipped by the security teams:

CVE-2018-6484: In ZZIPlib 0.13.67, there is a memory alignment error and bus error in the __zzip_fetch_disk_trailer function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2018-7726: An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused by the __zzip_parse_root_directory function of zip.c. Attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2018-16548: An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c, which will lead to a denial of service attack.
CVE-2018-7725: An issue was discovered in ZZIPlib 0.13.68. An invalid memory address dereference was discovered in zzip_disk_fread in mmapped.c. The vulnerability causes an application crash, which leads to denial of service.
CVE-2018-6541: In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address (when handling disk64_trailer local entries) in __zzip_fetch_disk_trailer (zzip/zip.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2018-6540: In ZZIPlib 0.13.67, there is a bus error caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.
CVE-2018-6381: In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid memory access in the zzip_disk_fread function (zzip/mmapped.c) because the size variable is not validated against the amount of file->stored data.
CVE-2018-6869: In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a crash in the __zzip_parse_root_directory function of zzip/zip.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted zip file.

Please fix them.

Created: 2017-02-16 Last update: 2019-10-21 00:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2014-07-02 18:05

news

[rss feed]

[2019-04-14] Accepted zziplib 0.13.62-3.2~deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2019-03-18] zziplib 0.13.62-3.2 MIGRATED to testing (Debian testing watch)
[2019-03-11] Accepted zziplib 0.13.62-3.2 (source) into unstable (Salvatore Bonaccorso)
[2018-02-20] Accepted zziplib 0.13.56-1.1+deb7u2 (source amd64) into oldoldstable (Chris Lamb)
[2017-06-24] Accepted zziplib 0.13.62-3+deb8u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2017-06-20] Accepted zziplib 0.13.56-1.1+deb7u1 (source amd64) into oldoldstable (Thorsten Alteholz)
[2017-06-06] zziplib 0.13.62-3.1 MIGRATED to testing (Debian testing watch)
[2017-06-04] Accepted zziplib 0.13.62-3.1 (source amd64) into unstable (Moritz Muehlenhoff) (signed by: Moritz Mühlenhoff)
[2014-08-30] zziplib 0.13.62-3 MIGRATED to testing (Britney)
[2014-08-25] Accepted zziplib 0.13.62-3 (source i386) into unstable (Scott Howard)
[2014-02-06] zziplib 0.13.62-2 MIGRATED to testing (Debian testing watch)
[2014-01-27] Accepted zziplib 0.13.62-2 (source i386) (Scott Howard)
[2014-01-21] Accepted zziplib 0.13.62-1 (source i386) (Scott Howard)
[2014-01-18] zziplib 0.13.56-2 MIGRATED to testing (Debian testing watch)
[2014-01-07] Accepted zziplib 0.13.56-2 (source i386) (Scott Howard)
[2011-10-19] zziplib 0.13.56-1.1 MIGRATED to testing (Debian testing watch)
[2011-10-08] Accepted zziplib 0.13.56-1.1 (source i386) (gregor herrmann)
[2009-07-26] zziplib 0.13.56-1 MIGRATED to testing (Debian testing watch)
[2009-07-25] zziplib 0.13.56-1 MIGRATED to testing (Debian testing watch)
[2009-07-24] zziplib 0.13.56-1 MIGRATED to testing (Debian testing watch)
[2009-07-13] Accepted zziplib 0.13.56-1 (source powerpc) (LIU Qi) (signed by: Anibal Monsalve Salazar)
[2009-06-22] zziplib 0.13.54-1 MIGRATED to testing (Debian testing watch)
[2009-06-11] Accepted zziplib 0.13.54-1 (source amd64) (LIU Qi) (signed by: Anibal Monsalve Salazar)
[2009-04-03] zziplib 0.13.50-1 MIGRATED to testing (Debian testing watch)
[2009-03-23] Accepted zziplib 0.13.50-1 (source amd64) (Anibal Monsalve Salazar)
[2008-04-12] zziplib 0.13.49-4 MIGRATED to testing (Debian testing watch)
[2008-04-05] Accepted zziplib 0.13.49-4 (source mips) (Anibal Monsalve Salazar)
[2008-04-05] Accepted zziplib 0.13.49-3.1 (amd64 sparc powerpc source i386 mips ia64 alpha arm) (Steve McIntyre)
[2007-11-12] Accepted zziplib 0.13.49-3 (source amd64) (Anibal Monsalve Salazar)
[2007-09-04] Accepted zziplib 0.12.83-8lenny1 (source i386) (Nico Golde)

bugs [bug history graph]

all: 6
RC: 0
I&N: 6
M&W: 0
F&P: 0
patch: 1

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.13.62-3.2