-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: unzip Binary: unzip Architecture: any Version: 6.0-19 Maintainer: Santiago Vila <[email protected]> Homepage: http://www.info-zip.org/UnZip.html Standards-Version: 3.9.6 Build-Depends: debhelper (>= 9), libbz2-dev Package-List: unzip deb utils optional arch=any Checksums-Sha1: abf7de8a4018a983590ed6f5cbd990d4740f8a22 1376845 unzip_6.0.orig.tar.gz e9365b87fff0d7c5c1888568b33bc88008f9b60c 16616 unzip_6.0-19.debian.tar.xz Checksums-Sha256: 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 1376845 unzip_6.0.orig.tar.gz 1dbe8726dbb4ce7ac645e4700421d3a30650bd257ffe2271ac4be8dc4c939208 16616 unzip_6.0-19.debian.tar.xz Files: 62b490407489521db863b523a7f86375 1376845 unzip_6.0.orig.tar.gz eace08b51823c3cec0db075171184728 16616 unzip_6.0-19.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWKLbpAAoJEEHOfwufG4sy9EQH/3tRYhRVFbG+aFQdZK6AvHHH 0tgPMvHZem257UdqLOGvf15i6Vdelywb6ebK2RRcPeVtKkU+HO1K93TwsCkuBAoi MlS11Dkw1MXcN+ScnFT1aByP/ioboXhff8sQkdGw1u/c4Sbb7al1siPWEFswTmzo ozNb9EcukIrc8/nXhiUwlKYCEFkgrFm/NJNsqhS7YF6+EAUNtaxyxRpSC9Ms+F9z RuxTWYR9uGAAsU0RQaVy+odmzo+Ob86pm+SdfBDyuXcGRXztdZASmdVyGPcpGTZh 4w2hLIuCVzJelfxpgzEOQ+LlcidV8cx+RV8CHl4xV5wLNKnp8b0DlwBxGRxKILw= =0lRs -----END PGP SIGNATURE----- Changes: unzip (6.0-19) unstable; urgency=medium * Fix infinite loop when extracting password-protected archive. This is CVE-2015-7697. Closes: #802160. * Fix heap overflow when extracting password-protected archive. This is CVE-2015-7696. Closes: #802162. * Fix additional unsigned overflow on invalid input. * Thanks a lot to Raphaël Hertzog for the squeeze-lts release, from which this upload is mainly derived. -- Santiago Vila <[email protected]> Thu, 22 Oct 2015 12:12:46 +0200
