unzip 6.0-21ubuntu1.1 source package in Ubuntu


unzip (6.0-21ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in password protected ZIP archives
    - debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch: Perform
      check before allocating memory in fileio.c.
    - CVE-2018-1000035
  * SECURITY UPDATE: denial of service (resource consumption)
    - debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch: Fix bug
      in undefer_input() of fileio.c that misplaced the input state.
    - debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch:
      Detect and reject a zip bomb using overlapped entries.
    - debian/patches/24-cve-2019-13232-do-not-raise-alert-for-misplaced-central-directory.patch:
      Do not raise a zip bomb alert for a misplaced central directory.
    - CVE-2019-13232

 -- Avital Ostromich <email address hidden>  Thu, 26 Nov 2020 16:01:36 -0500

Upload details

Uploaded by:
Avital Ostromich on 2020-12-02
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2020-12-16 main utils
Bionic security on 2020-12-16 main utils


File Size SHA-256 Checksum
unzip_6.0.orig.tar.gz 1.3 MiB 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37
unzip_6.0-21ubuntu1.1.debian.tar.xz 25.6 KiB e793a0078ba3d94726e477042fcecba123a7d4d4c43872ae03290fcebaac1824
unzip_6.0-21ubuntu1.1.dsc 1.6 KiB e40161a20191eeae40c9b936237db322c6add5713cd66dc8ceeb54c988b92f2f

View changes file

Binary packages built by this source

unzip: De-archiver for .zip files

 InfoZIP's unzip program. With the exception of multi-volume archives
 (ie, .ZIP files that are split across several disks using PKZIP's /& option),
 this can handle any file produced either by PKZIP, or the corresponding
 InfoZIP zip program.
 This version supports encryption.

unzip-dbgsym: debug symbols for unzip