unzip 6.0-9ubuntu1.1 source package in Ubuntu


unzip (6.0-9ubuntu1.1) trusty-security; urgency=medium

  * SECURITY UPDATE: CRC32 verification heap-based overflow
    - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
      length in extract.c.
    - CVE-2014-8139
  * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
    - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
      sizes in extract.c.
    - CVE-2014-8140
  * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
    - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
      in fileio.c, check sizes in process.c.
    - CVE-2014-8141
 -- Marc Deslauriers <email address hidden>   Wed, 07 Jan 2015 16:14:02 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
unzip_6.0.orig.tar.gz 1.3 MiB 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37
unzip_6.0-9ubuntu1.1.debian.tar.gz 17.0 KiB a8565b85cb03c13a303806ed04d19b62ab269c7aaef775ce17a6c89d30d891b3
unzip_6.0-9ubuntu1.1.dsc 1.7 KiB e41eb36a688149ca49bbb34e1ab08ff258c0eef77a4807827f2d32441973054a

Available diffs

  • diff from 6.0-9ubuntu1 (in Ubuntu) to 6.0-9ubuntu1.1 (pending)

View changes file

Binary packages built by this source

unzip: De-archiver for .zip files

 InfoZIP's unzip program. With the exception of multi-volume archives
 (ie, .ZIP files that are split across several disks using PKZIP's /& option),
 this can handle any file produced either by PKZIP, or the corresponding
 InfoZIP zip program.
 This version supports encryption.