Change logs for unzip source package in Trusty

  • unzip (6.0-9ubuntu1.5) trusty-security; urgency=medium
      * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
        regression in handling 0-byte files (LP: #1513293)
     -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 09:16:57 -0600
  • unzip (6.0-9ubuntu1.4) trusty-security; urgency=medium
      * SECURITY UPDATE: denial of service and possible code execution via
        heap overflow
        - debian/patches/14-cve-2015-7696: add check to crypt.c.
        - CVE-2015-7696
      * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
        - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
        - CVE-2015-7697
      * SECURITY UPDATE: unsigned overflow on invalid input
        - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
          csiz_decrypted doesn't overflow in extract.c.
        - No CVE number
     -- Marc Deslauriers <email address hidden>  Thu, 29 Oct 2015 10:33:05 -0400
  • unzip (6.0-9ubuntu1.3) trusty-security; urgency=medium
      * SECURITY UPDATE: heap overflow in charset_to_intern()
        - debian/patches/06-unzip60-alt-iconv-utf8: updated to fix buffer
          overflow in unix/unix.c.
        - CVE-2015-1315
      * SECURITY REGRESSION: regression with executable jar files
        - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      * SECURITY REGRESSION: regression with certain compressed data headers
        - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
     -- Marc Deslauriers <email address hidden>   Tue, 17 Feb 2015 14:17:20 -0500
  • unzip (6.0-9ubuntu1.2) trusty-security; urgency=medium
      * SECURITY UPDATE: heap overflow via mismatched block sizes
        - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
          uncompressed block sizes match when using STORED method in extract.c.
        - CVE-2014-9636
     -- Marc Deslauriers <email address hidden>   Thu, 29 Jan 2015 11:37:34 -0500
  • unzip (6.0-9ubuntu1.1) trusty-security; urgency=medium
      * SECURITY UPDATE: CRC32 verification heap-based overflow
        - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
          length in extract.c.
        - CVE-2014-8139
      * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
        - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
          sizes in extract.c.
        - CVE-2014-8140
      * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
        - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
          in fileio.c, check sizes in process.c.
        - CVE-2014-8141
     -- Marc Deslauriers <email address hidden>   Wed, 07 Jan 2015 16:14:02 -0500
  • unzip (6.0-9ubuntu1) saucy; urgency=low
      * Resynchronise with Debian.  Remaining changes:
        - Add patch from archlinux which adds the -O option, allowing a charset
          to be specified for the proper unzipping of non-Latin and non-Unicode
    unzip (6.0-9) unstable; urgency=low
      * Added NO_WORKING_ISPRINT to DEFINES so that UTF8 filenames are
        displayed correctly. Reported by Slavek Banko. Closes: #682682.
      * Use the right strip command when cross-building. Closes: #695141.
     -- Colin Watson <email address hidden>   Mon, 13 May 2013 13:00:12 +0100