Change log for unzip package in Ubuntu

175 of 75 results
Published in hirsute-release on 2021-01-30
Deleted in hirsute-proposed (Reason: moved to Release)
unzip (6.0-26ubuntu1) hirsute; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Published in xenial-updates on 2020-12-16
Published in xenial-security on 2020-12-16
unzip (6.0-20ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in unzip (LP: #387350)
    - debian/patches/17-cve-2014-9913-unzip-buffer-overflow: Accommodate
      printing an oversized compression method number in list.c.
    - CVE-2014-9913
  * SECURITY UPDATE: buffer overflow in zipinfo (LP: #1643750)
    - debian/patches/18-cve-2016-9844-zipinfo-buffer-overflow: Accommodate an
      oversized compression method number in zipinfo.c.
    - CVE-2016-9844
  * SECURITY UPDATE: buffer overflow in password protected ZIP archives
    - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
      check before allocating memory in fileio.c.
    - CVE-2018-1000035
  * SECURITY UPDATE: denial of service (resource consumption)
    - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
      in undefer_input() of fileio.c that misplaced the input state.
    - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
      Detect and reject a zip bomb using overlapped entries.
    - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
      Do not raise a zip bomb alert for a misplaced central directory.
    - CVE-2019-13232

 -- Avital Ostromich <email address hidden>  Wed, 25 Nov 2020 20:01:25 -0500
Published in bionic-updates on 2020-12-16
Published in bionic-security on 2020-12-16
unzip (6.0-21ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in password protected ZIP archives
    - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
      check before allocating memory in fileio.c.
    - CVE-2018-1000035
  * SECURITY UPDATE: denial of service (resource consumption)
    - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
      in undefer_input() of fileio.c that misplaced the input state.
    - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
      Detect and reject a zip bomb using overlapped entries.
    - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
      Do not raise a zip bomb alert for a misplaced central directory.
    - CVE-2019-13232

 -- Avital Ostromich <email address hidden>  Thu, 26 Nov 2020 16:01:36 -0500
Superseded in hirsute-release on 2021-01-30
Published in groovy-release on 2020-04-24
Published in focal-release on 2019-10-18
Obsolete in eoan-release on 2020-12-29
Deleted in eoan-proposed (Reason: moved to release)
unzip (6.0-25ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in eoan-release on 2019-08-16
Deleted in eoan-proposed on 2019-08-17 (Reason: moved to release)
unzip (6.0-24ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in eoan-release on 2019-07-16
Deleted in eoan-proposed on 2019-07-17 (Reason: moved to release)
unzip (6.0-23ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in eoan-release on 2019-05-29
Obsolete in disco-release on 2020-07-14
Deleted in disco-proposed on 2020-07-14 (Reason: moved to release)
unzip (6.0-22ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in disco-release on 2019-02-12
Obsolete in cosmic-release on 2020-07-13
Published in bionic-release on 2017-10-24
Obsolete in artful-release on 2020-07-10
Deleted in artful-proposed (Reason: moved to release)
unzip (6.0-21ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in artful-release on 2017-04-29
Deleted in artful-proposed on 2017-04-30 (Reason: moved to release)
unzip (6.0-20ubuntu2) artful; urgency=medium

  * No-change rebuild to pick up -fPIE compiler default in static
    libraries

 -- Steve Langasek <email address hidden>  Fri, 21 Apr 2017 20:58:49 +0000

Available diffs

Superseded in artful-release on 2017-04-22
Obsolete in zesty-release on 2018-06-22
Obsolete in yakkety-release on 2018-01-23
Published in xenial-release on 2015-11-20
Deleted in xenial-proposed (Reason: moved to release)
unzip (6.0-20ubuntu1) xenial; urgency=medium

  * Resynchronise with Debian. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Published in precise-updates on 2015-11-09
Published in precise-security on 2015-11-09
unzip (6.0-4ubuntu2.5) precise-security; urgency=medium

  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

 -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 09:17:52 -0600

Available diffs

Published in trusty-updates on 2015-11-09
Published in trusty-security on 2015-11-09
unzip (6.0-9ubuntu1.5) trusty-security; urgency=medium

  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

 -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 09:16:57 -0600

Available diffs

Obsolete in wily-updates on 2018-01-22
Obsolete in wily-security on 2018-01-22
unzip (6.0-17ubuntu1.2) wily-security; urgency=medium

  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

 -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 09:08:12 -0600

Available diffs

Obsolete in vivid-updates on 2018-01-18
Obsolete in vivid-security on 2018-01-18
unzip (6.0-13ubuntu3.2) vivid-security; urgency=medium

  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

 -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 09:14:34 -0600

Available diffs

Superseded in xenial-release on 2015-11-20
Deleted in xenial-proposed on 2015-11-22 (Reason: moved to release)
unzip (6.0-19ubuntu2) xenial; urgency=medium

  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

 -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 08:51:17 -0600

Available diffs

Superseded in precise-updates on 2015-11-09
Superseded in precise-security on 2015-11-09
unzip (6.0-4ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow
    - debian/patches/14-cve-2015-7696: add check to crypt.c.
    - CVE-2015-7696
  * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
    - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
    - CVE-2015-7697
  * SECURITY UPDATE: unsigned overflow on invalid input
    - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
      csiz_decrypted doesn't overflow in extract.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 29 Oct 2015 10:33:52 -0400
Superseded in trusty-updates on 2015-11-09
Superseded in trusty-security on 2015-11-09
unzip (6.0-9ubuntu1.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow
    - debian/patches/14-cve-2015-7696: add check to crypt.c.
    - CVE-2015-7696
  * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
    - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
    - CVE-2015-7697
  * SECURITY UPDATE: unsigned overflow on invalid input
    - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
      csiz_decrypted doesn't overflow in extract.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 29 Oct 2015 10:33:05 -0400
Superseded in vivid-updates on 2015-11-09
Superseded in vivid-security on 2015-11-09
unzip (6.0-13ubuntu3.1) vivid-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow
    - debian/patches/14-cve-2015-7696: add check to crypt.c.
    - CVE-2015-7696
  * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
    - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
    - CVE-2015-7697
  * SECURITY UPDATE: unsigned overflow on invalid input
    - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
      csiz_decrypted doesn't overflow in extract.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 29 Oct 2015 10:29:02 -0400
Superseded in wily-updates on 2015-11-09
Superseded in wily-security on 2015-11-09
unzip (6.0-17ubuntu1.1) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow
    - debian/patches/14-cve-2015-7696: add check to crypt.c.
    - CVE-2015-7696
  * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
    - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
    - CVE-2015-7697
  * SECURITY UPDATE: unsigned overflow on invalid input
    - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
      csiz_decrypted doesn't overflow in extract.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 29 Oct 2015 10:15:00 -0400
Superseded in xenial-release on 2015-11-11
Deleted in xenial-proposed on 2015-11-12 (Reason: moved to release)
unzip (6.0-19ubuntu1) xenial; urgency=medium

  * Resynchronise with Debian. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in xenial-release on 2015-10-26
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
unzip (6.0-17ubuntu1) wily; urgency=medium

  * Resynchronise with Debian. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in precise-updates on 2015-10-29
Superseded in precise-security on 2015-10-29
unzip (6.0-4ubuntu2.3) precise-security; urgency=medium

  * SECURITY UPDATE: heap overflow in charset_to_intern()
    - debian/patches/04-unzip60-alt-iconv-utf8: updated to fix buffer
      overflow in unix/unix.c.
    - CVE-2015-1315
  * SECURITY REGRESSION: regression with executable jar files
    - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      regression.
  * SECURITY REGRESSION: regression with certain compressed data headers
    - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
      regression.
 -- Marc Deslauriers <email address hidden>   Tue, 17 Feb 2015 14:19:20 -0500
Obsolete in utopic-updates on 2016-11-03
Obsolete in utopic-security on 2016-11-03
unzip (6.0-12ubuntu1.3) utopic-security; urgency=medium

  * SECURITY UPDATE: heap overflow in charset_to_intern()
    - debian/patches/20-unzip60-alt-iconv-utf8: updated to fix buffer
      overflow in unix/unix.c.
    - CVE-2015-1315
  * SECURITY REGRESSION: regression with executable jar files
    - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      regression.
  * SECURITY REGRESSION: regression with certain compressed data headers
    - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
      regression.
 -- Marc Deslauriers <email address hidden>   Tue, 17 Feb 2015 14:10:47 -0500
Superseded in wily-release on 2015-05-22
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
unzip (6.0-13ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: heap overflow in charset_to_intern()
    - debian/patches/20-unzip60-alt-iconv-utf8: updated to fix buffer
      overflow in unix/unix.c.
    - CVE-2015-1315
  * SECURITY REGRESSION: regression with executable jar files
    - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      regression.
  * SECURITY REGRESSION: regression with certain compressed data headers
    - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
      regression.
 -- Marc Deslauriers <email address hidden>   Tue, 17 Feb 2015 14:22:58 -0500

Available diffs

Superseded in trusty-updates on 2015-10-29
Superseded in trusty-security on 2015-10-29
unzip (6.0-9ubuntu1.3) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow in charset_to_intern()
    - debian/patches/06-unzip60-alt-iconv-utf8: updated to fix buffer
      overflow in unix/unix.c.
    - CVE-2015-1315
  * SECURITY REGRESSION: regression with executable jar files
    - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      regression.
  * SECURITY REGRESSION: regression with certain compressed data headers
    - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
      regression.
 -- Marc Deslauriers <email address hidden>   Tue, 17 Feb 2015 14:17:20 -0500
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
unzip (6.0-1ubuntu0.2) lucid-security; urgency=medium

  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - extract.c: ensure compressed and uncompressed block sizes match when
      using STORED method.
    - CVE-2014-9636
 -- Marc Deslauriers <email address hidden>   Thu, 29 Jan 2015 11:39:12 -0500

Available diffs

Superseded in trusty-updates on 2015-02-17
Superseded in trusty-security on 2015-02-17
unzip (6.0-9ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
      uncompressed block sizes match when using STORED method in extract.c.
    - CVE-2014-9636
 -- Marc Deslauriers <email address hidden>   Thu, 29 Jan 2015 11:37:34 -0500

Available diffs

Superseded in utopic-updates on 2015-02-17
Superseded in utopic-security on 2015-02-17
unzip (6.0-12ubuntu1.2) utopic-security; urgency=medium

  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
      uncompressed block sizes match when using STORED method in extract.c.
    - CVE-2014-9636
 -- Marc Deslauriers <email address hidden>   Thu, 29 Jan 2015 11:26:39 -0500
Superseded in precise-updates on 2015-02-17
Superseded in precise-security on 2015-02-17
unzip (6.0-4ubuntu2.2) precise-security; urgency=medium

  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
      uncompressed block sizes match when using STORED method in extract.c.
    - CVE-2014-9636
 -- Marc Deslauriers <email address hidden>   Thu, 29 Jan 2015 11:38:13 -0500

Available diffs

Superseded in vivid-release on 2015-02-17
Deleted in vivid-proposed on 2015-02-19 (Reason: moved to release)
unzip (6.0-13ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
      uncompressed block sizes match when using STORED method in extract.c.
    - CVE-2014-9636
 -- Marc Deslauriers <email address hidden>   Thu, 29 Jan 2015 11:16:07 -0500

Available diffs

Superseded in utopic-updates on 2015-02-03
Superseded in utopic-security on 2015-02-03
unzip (6.0-12ubuntu1.1) utopic-security; urgency=medium

  * SECURITY UPDATE: CRC32 verification heap-based overflow
    - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
      length in extract.c.
    - CVE-2014-8139
  * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
    - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
      sizes in extract.c.
    - CVE-2014-8140
  * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
    - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
      in fileio.c, check sizes in process.c.
    - CVE-2014-8141
 -- Marc Deslauriers <email address hidden>   Wed, 07 Jan 2015 16:08:29 -0500
Superseded in lucid-updates on 2015-02-03
Superseded in lucid-security on 2015-02-03
unzip (6.0-1ubuntu0.1) lucid-security; urgency=medium

  * SECURITY UPDATE: CRC32 verification heap-based overflow
    - extract.c: check extra block length.
    - CVE-2014-8139
  * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
    - extract.c: properly validate sizes.
    - CVE-2014-8140
  * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
    - fileio.c: validate extra fields.
    - process.c: check sizes.
    - CVE-2014-8141
 -- Marc Deslauriers <email address hidden>   Wed, 07 Jan 2015 16:15:57 -0500
Superseded in precise-updates on 2015-02-03
Superseded in precise-security on 2015-02-03
unzip (6.0-4ubuntu2.1) precise-security; urgency=medium

  * SECURITY UPDATE: CRC32 verification heap-based overflow
    - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
      length in extract.c.
    - CVE-2014-8139
  * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
    - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
      sizes in extract.c.
    - CVE-2014-8140
  * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
    - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
      in fileio.c, check sizes in process.c.
    - CVE-2014-8141
 -- Marc Deslauriers <email address hidden>   Wed, 07 Jan 2015 16:14:50 -0500
Superseded in trusty-updates on 2015-02-03
Superseded in trusty-security on 2015-02-03
unzip (6.0-9ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: CRC32 verification heap-based overflow
    - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
      length in extract.c.
    - CVE-2014-8139
  * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
    - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
      sizes in extract.c.
    - CVE-2014-8140
  * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
    - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
      in fileio.c, check sizes in process.c.
    - CVE-2014-8141
 -- Marc Deslauriers <email address hidden>   Wed, 07 Jan 2015 16:14:02 -0500

Available diffs

  • diff from 6.0-9ubuntu1 (in Ubuntu) to 6.0-9ubuntu1.1 (pending)
Superseded in vivid-release on 2015-02-02
Deleted in vivid-proposed on 2015-02-03 (Reason: moved to release)
unzip (6.0-13ubuntu1) vivid; urgency=medium

  * Merge with Debian; remaining changes:

Available diffs

Superseded in vivid-release on 2014-12-25
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
unzip (6.0-12ubuntu1) utopic; urgency=medium

  * Resynchronise with Debian.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Obsolete in quantal-updates on 2015-04-24
Deleted in quantal-proposed on 2015-05-01 (Reason: moved to -updates)
unzip (6.0-7ubuntu1.1) quantal-proposed; urgency=low

  * Fix incorrectly displayed file names with UTF-8 characters.
    Add -DNO_WORKING_ISPRINT to build flags. (LP: #1199239, LP: #580961)
 -- Brian Murray <email address hidden>   Wed, 06 Nov 2013 10:31:34 -0800

Available diffs

Obsolete in raring-updates on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to -updates)
unzip (6.0-8ubuntu2) raring-proposed; urgency=low

  * Fix incorrectly displayed file names with UTF-8 characters.
    Add -DNO_WORKING_ISPRINT to build flags. (LP: #1199239, LP: #580961)
 -- Brian Murray <email address hidden>   Wed, 06 Nov 2013 09:40:08 -0800

Available diffs

Superseded in precise-updates on 2015-01-14
Deleted in precise-proposed on 2015-01-16 (Reason: moved to -updates)
unzip (6.0-4ubuntu2) precise-proposed; urgency=low

  * Fix incorrectly displayed file names with UTF-8 characters.
    Add -DNO_WORKING_ISPRINT to build flags. (LP: #1199239, LP: #580961)
 -- Brian Murray <email address hidden>   Wed, 06 Nov 2013 10:21:26 -0800

Available diffs

Superseded in utopic-release on 2014-06-05
Published in trusty-release on 2013-10-18
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed (Reason: moved to release)
unzip (6.0-9ubuntu1) saucy; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Available diffs

Superseded in saucy-release on 2013-05-13
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
unzip (6.0-8ubuntu1) raring; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.
    - Use correct strip program when cross-building.

Available diffs

Superseded in raring-release on 2012-12-13
Deleted in raring-proposed on 2012-12-14 (Reason: moved to release)
unzip (6.0-7ubuntu2) raring; urgency=low

  * Use correct strip program when cross-building.
 -- Colin Watson <email address hidden>   Tue, 04 Dec 2012 15:15:23 +0000

Available diffs

Superseded in raring-release on 2012-12-04
Obsolete in quantal-release on 2015-04-24
unzip (6.0-7ubuntu1) quantal; urgency=low

  * Merge from Debian unstable. Remaining change:
    - Added patch from archlinux which adds the -O option allowing a charset
    to be specified for the proper unzipping of non-latin and non-unicode
    filenames.
  * Merge adds Multi-Arch: foreign. (LP: #1010450)

Available diffs

Superseded in quantal-release on 2012-08-14
Published in precise-release on 2011-10-13
Obsolete in oneiric-release on 2015-04-24
Obsolete in natty-release on 2013-06-04
unzip (6.0-4ubuntu1) natty; urgency=low

  * Added patch from archlinux which adds the -O option allowing a charset
    to be specified for the proper unzipping of non-latin and non-unicode
    filenames. (LP: #580961)
 -- Brian Thomason <email address hidden>   Wed, 12 Jan 2011 20:08:14 -0500

Available diffs

Superseded in natty-release on 2011-01-28
Obsolete in maverick-release on 2013-03-05
unzip (6.0-4) unstable; urgency=low

  * Added homepage field to control file.
  * Switch to 3.0 (quilt) source format.
  * Support cross-build.

Available diffs

Superseded in maverick-release on 2010-05-09
Obsolete in lucid-release on 2016-10-26
unzip (6.0-1build1) lucid; urgency=low

  * rebuild rest of main for armel armv7/thumb2 optimization;
    UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2
 -- Alexander Sack <email address hidden>   Sun, 07 Mar 2010 01:10:12 +0100

Available diffs

Superseded in lucid-release on 2010-03-07
Obsolete in karmic-release on 2013-03-04
unzip (6.0-1) unstable; urgency=low

  * New upstream release. Closes: #496989.
  * Enabled new Unicode support. Closes: #197427. This may or may not work
    for your already created zipfiles, but it's not a bug unless they were
    created using the Unicode feature present in zip 3.0.
  * Built using DATE_FORMAT=DF_YMD so that unzip -l show dates in ISO format,
    as that's the only available one which makes sense. Closes: #312886.
  * Enabled new bzip2 support. Closes: #426798.
  * Exit code for zipgrep should now be the right one. Closes: #441997.
  * The reason why a file may not be created is now shown. Closes: #478791.
  * Summary of changes in this version not being the debian/* files:
  - Manpages in section 1, not 1L.
  - Branding patch. UnZip by Debian. Original by Info-ZIP.
  - Always #include <unistd.h>. Debian GNU/kFreeBSD needs it.

 -- Martin Pitt <email address hidden>   Mon,  08 Jun 2009 09:13:25 +0100

Available diffs

Superseded in karmic-release on 2009-06-08
Obsolete in jaunty-release on 2013-02-28
unzip (5.52-12ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/rules: Configure with large file support.
    - unzip.c: Change banner to indicate Ubuntu modification.
    - support UTF-8 file names.

Available diffs

Superseded in jaunty-release on 2008-11-12
Obsolete in intrepid-release on 2013-02-20
unzip (5.52-11ubuntu1) intrepid; urgency=low

  * Merge with Debian; remaining changes:
    - debian/rules: Configure with large file support.
    - unzip.c: Change banner to indicate Ubuntu modification.
    - support UTF-8 file names.

Available diffs

Obsolete in feisty-updates on 2009-08-20
Obsolete in feisty-security on 2009-08-20
unzip (5.52-9ubuntu3.1) feisty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap corruption.
  * inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
  * References
    CVE-2008-0888

 -- Kees Cook <email address hidden>   Wed, 19 Mar 2008 12:08:30 -0700
Obsolete in edgy-updates on 2008-06-19
Obsolete in edgy-security on 2008-06-19
unzip (5.52-8ubuntu1.1) edgy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap corruption.
  * inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
  * References
    CVE-2008-0888

 -- Kees Cook <email address hidden>   Wed, 19 Mar 2008 12:08:30 -0700
Obsolete in dapper-updates on 2011-09-06
Obsolete in dapper-security on 2011-09-06
unzip (5.52-6ubuntu4.1) dapper-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap corruption.
  * inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
  * References
    CVE-2008-0888

 -- Kees Cook <email address hidden>   Wed, 19 Mar 2008 12:08:30 -0700
Obsolete in gutsy-updates on 2011-09-16
Obsolete in gutsy-security on 2011-09-16
unzip (5.52-10ubuntu1.1) gutsy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap corruption.
  * inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
  * References
    CVE-2008-0888

 -- Kees Cook <email address hidden>   Wed, 19 Mar 2008 12:08:30 -0700
Superseded in intrepid-release on 2008-06-25
Obsolete in hardy-release on 2015-04-24
unzip (5.52-10ubuntu2) hardy; urgency=low

  * SECURITY UPDATE: arbitrary code execution via heap corruption.
  * inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
  * References
    CVE-2008-0888

 -- Kees Cook <email address hidden>   Wed, 19 Mar 2008 12:08:30 -0700
Superseded in hardy-release on 2008-03-21
Obsolete in gutsy-release on 2011-09-16
unzip (5.52-10ubuntu1) gutsy; urgency=low

  * Merge with Debian; remaining changes:
    - debian/rules: Configure with large file support.
    - unzip.c: Change banner to indicate Ubuntu modification.
    - support UTF-8 file names.

Superseded in gutsy-release on 2007-07-19
Obsolete in feisty-release on 2009-08-20
unzip (5.52-9ubuntu3) feisty; urgency=low

  * Apply patch from https://bugzilla.altlinux.org/long_list.cgi?buglist=4871
    to support UTF-8 file names. Ubuntu #10979.

 -- Matthias Klose <email address hidden>   Sat, 31 Mar 2007 13:10:40 +0200
Superseded in feisty-release on 2007-03-31
unzip (5.52-9ubuntu2) feisty; urgency=low

  * Rebuild for changes in the amd64 toolchain.
  * Set Ubuntu maintainer address.

 -- Matthias Klose <email address hidden>   Mon,  5 Mar 2007 01:27:17 +0000
Superseded in feisty-release on 2007-03-08
unzip (5.52-9ubuntu1) feisty; urgency=low

  * Merge from debian unstable.

Superseded in feisty-release on 2006-11-22
Obsolete in edgy-release on 2008-06-19
unzip (5.52-8ubuntu1) edgy; urgency=low

  * Merge from debian unstable; only Ubuntu changes left:
    - debian/rules: Configure with large file support.
    - unzip.c: Change banner to indicate Ubuntu modification.

Superseded in edgy-release on 2006-06-30
Obsolete in dapper-release on 2011-09-06
unzip (5.52-6ubuntu4) dapper; urgency=low

  * const.h, process.c: Limit the maximum length of displayed file names to
    512 bytes, to avoid spewage with excessively long file names (which caused
    buffer overflows until the recent security fix for CVE-2005-4667).
  * Thanks to Santiago Vila for pointing this out.

 -- Martin Pitt <email address hidden>   Thu, 23 Mar 2006 13:00:08 +0100
Obsolete in breezy-security on 2008-03-25
unzip (5.52-3ubuntu2.2) breezy-security; urgency=low

  * Previous security update scrambled the output fields in the contents
    listing, fix that regression.

 -- Martin Pitt <email address hidden>   Wed, 15 Feb 2006 12:26:32 +0100
Obsolete in hoary-security on 2008-03-19
unzip (5.51-2ubuntu1.4) hoary-security; urgency=low

  * Previous security update scrambled the output fields in the contents
    listing, fix that regression.

 -- Martin Pitt <email address hidden>   Wed, 15 Feb 2006 11:30:16 +0000
Obsolete in warty-security on 2008-01-09
unzip (5.51-2ubuntu0.4) warty-security; urgency=low

  * Previous security update scrambled the output fields in the contents
    listing, fix that regression.

 -- Martin Pitt <email address hidden>   Wed, 15 Feb 2006 12:33:47 +0100
Superseded in dapper-release on 2006-03-23
unzip (5.52-6ubuntu3) dapper; urgency=low

  * Previous security update scrambled the output fields in the contents
    listing, fix that regression.

 -- Martin Pitt <email address hidden>   Wed, 15 Feb 2006 12:11:47 +0100
Superseded in breezy-security on 2006-02-15
unzip (5.52-3ubuntu2.1) breezy-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution on specially crafted long file
    names (which should not happen in many scenarios, though).
  * unzpriv.h, Info macro:
    - Use snprintf() instead of sprintf() as inner formatting function.
    - Use fputs() instead of fprintf() as outer function to ignore leftover
      format strings which might not have been substituted in the inner
      snprintf().
    - Throw away the three different implementations of that macro and use
      just one safe one.
    - CVE-2005-4667

 -- Martin Pitt <email address hidden>   Fri, 10 Feb 2006 19:35:15 +0000
Superseded in hoary-security on 2006-02-15
unzip (5.51-2ubuntu1.3) hoary-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution on specially crafted long file
    names (which should not happen in many scenarios, though).
  * unzpriv.h, Info macro:
    - Use snprintf() instead of sprintf() as inner formatting function.
    - Use fputs() instead of fprintf() as outer function to ignore leftover
      format strings which might not have been substituted in the inner
      snprintf().
    - Throw away the three different implementations of that macro and use
      just one safe one.
  * unix/unix.c, do_wild():
    - Replace unchecked strcpy() calls from user provided file argument to
      statically sized buffer with strncpy() and ensure null termination.
  * CVE-2005-4667

 -- Martin Pitt <email address hidden>   Fri, 10 Feb 2006 21:08:40 +0100
Superseded in warty-security on 2006-02-15
unzip (5.51-2ubuntu0.3) warty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution on specially crafted long file
    names (which should not happen in many scenarios, though).
  * unzpriv.h, Info macro:
    - Use snprintf() instead of sprintf() as inner formatting function.
    - Use fputs() instead of fprintf() as outer function to ignore leftover
      format strings which might not have been substituted in the inner
      snprintf().
    - Throw away the three different implementations of that macro and use
      just one safe one.
  * unix/unix.c, do_wild():
    - Replace unchecked strcpy() calls from user provided file argument to
      statically sized buffer with strncpy() and ensure null termination.
  * CVE-2005-4667

 -- Martin Pitt <email address hidden>   Fri, 10 Feb 2006 21:18:25 +0100
Superseded in dapper-release on 2006-02-15
unzip (5.52-6ubuntu2) dapper; urgency=low

  * SECURITY UPDATE: Arbitrary code execution on specially crafted long file
    names (which should not happen in many scenarios, though).
  * unzpriv.h, Info macro:
    - Use snprintf() instead of sprintf() as inner formatting function.
    - Use fputs() instead of fprintf() as outer function to ignore leftover
      format strings which might not have been substituted in the inner
      snprintf().
    - Throw away the three different implementations of that macro and use
      just one safe one.
    - CVE-2005-4667

 -- Martin Pitt <email address hidden>   Fri, 10 Feb 2006 20:14:01 +0100
Superseded in dapper-release on 2006-02-10
Superseded in dapper-release on 2006-02-03
unzip (5.52-6ubuntu1) dapper; urgency=low


  * Resynchronise with Debian.

 -- Michael Vogt <email address hidden>  Wed, 28 Dec 2005 11:02:39 +0100
Superseded in dapper-release on 2006-01-31
unzip (5.52-5ubuntu1) dapper; urgency=low


  * Resynchronise with Debian.
  * Repaired totally scrambled changelog.
  * unzip.c: Change Debian banner to 'Ubuntu', as advised by the Debian
    maintainer.

 -- Martin Pitt <email address hidden>  Mon, 21 Nov 2005 20:38:41 +0100
Obsolete in breezy-release on 2008-03-25
unzip (5.52-3ubuntu2) breezy; urgency=low


  * SECURITY UPDATE: Fix file permission modification race.
  * unix/unix.c: Use fchmod() instead of chmod() to change permissions on the
    files unzip actually created, not the files another attacker might have
    hardlinked to in the meantime.
  * CAN-2005-2475

 -- Martin Pitt <email address hidden>  Thu, 29 Sep 2005 17:02:50 +0200
Superseded in hoary-security on 2006-02-13
Superseded in hoary-security on 2006-02-03
unzip (5.51-2ubuntu1.2) hoary-security; urgency=low


  * SECURITY UPDATE: Fix file permission modification race.
  * unix/unix.c: Use fchmod() instead of chmod() to change permissions on the
    files unzip actually created, not the files another attacker might have
    hardlinked to in the meantime.
  * CAN-2005-2475

 -- Martin Pitt <email address hidden>  Thu, 29 Sep 2005 15:09:08 +0000
Obsolete in hoary-release on 2008-03-19
unzip (5.51-2ubuntu1) hoary; urgency=low


  * Fixed unzip of >2GB files, thanks to patch from ard at kwaak.net 

 -- Thom May <email address hidden>  Mon, 28 Feb 2005 15:25:52 +0000
Superseded in warty-security on 2006-02-13
Superseded in warty-security on 2006-02-03
Superseded in warty-security on 2006-02-03
unzip (5.51-2ubuntu0.2) warty-security; urgency=low


  * SECURITY UPDATE: Fix file permission modification race.
  * unix/unix.c: Use fchmod() instead of chmod() to change permissions on the
    files unzip actually created, not the files another attacker might have
    hardlinked to in the meantime.
  * CAN-2005-2475

 -- Martin Pitt <email address hidden>  Thu, 29 Sep 2005 17:10:51 +0200
Obsolete in warty-release on 2008-01-09
unzip (5.51-2) unstable; urgency=low


  * Added unshrinking support (Closes: #252563).

 -- Santiago Vila <email address hidden>  Sun,  6 Jun 2004 17:57:46 +0200
175 of 75 results