-
zziplib (0.13.62-2ubuntu0.2) trusty-security; urgency=medium
* SECURITY UPDATE: invalid mem access in zzip_disk_fread
- debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
- CVE-2018-6381
* SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
- debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
- CVE-2018-6484
- CVE-2018-6541
- CVE-2018-6869
* SECURITY UPDATE: bus error in zzip_disk_findfirst
- debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
- CVE-2018-6540
* SECURITY UPDATE: invalid memory dereference
- debian/patches/CVE-2018-7725.patch: check zlib space in
zzip/memdisk.c, zzip/mmapped.c.
- CVE-2018-7725
* SECURITY UPDATE: bus error in __zzip_parse_root_directory
- debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
zzip/zip.c.
- debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
- debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
zzip/zip.c.
- CVE-2018-7726
-- Marc Deslauriers <email address hidden> Fri, 29 Jun 2018 12:28:33 -0400
-
zziplib (0.13.62-2ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: multiple security issues
- debian/patches/*: synchronize security fixes with Debian's
0.13.62-3.1 release. Thanks to Josef Moellers of SuSE and
Moritz Muehlenhoff of Debian!
- CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978,
CVE-2017-5979, CVE-2017-5980, CVE-2017-5981
-- Marc Deslauriers <email address hidden> Tue, 13 Jun 2017 10:04:06 -0400
-
zziplib (0.13.62-2) unstable; urgency=low
* Merge in Ubuntu changes to use dh-autoreconf to ensure package
remains buildable across future ports. Thanks to Steve Langasek.
(Closes: #736810)
-- Scott Howard <email address hidden> Sun, 26 Jan 2014 18:54:39 -0500
-
zziplib (0.13.56-2ubuntu1) trusty; urgency=medium
* Merge from Debian unstable, remaining changes:
- Use dh-autoreconf.
- Fix handling of @RESOLVE@ for newer autotools.
- zzip/Makefile.am: fix install target dependencies.
* Migrate Ubuntu changes to 3.0 (quilt) format.
zziplib (0.13.56-2) unstable; urgency=low
* Adopting package (Closes: #733144)
* use source/format 3.0 (quilt), and separate debian changes into
patch "export-dynamic.patch"
* simple dh rules
- multiarch enabled
- use --with autotools-dev (Closes: #717837)
* build depend on zip so build checks run
* added symbols file
* No longer conflict with zziplib-0-12 (no reason to conflict)
(Closes: #565982)
* Removed unneeded -lz from .pc file (Closes: #471065)
- debian/patches/remove_extra_z_linking.patch
-- Steve Langasek <email address hidden> Sun, 26 Jan 2014 21:38:16 +0000
-
zziplib (0.13.56-1.1ubuntu2) trusty; urgency=medium
* Use dh-autoreconf.
* Fix handling of @RESOLVE@ for newer autotools.
* zzip/Makefile.am: fix install target dependencies.
-- Steve Langasek <email address hidden> Fri, 13 Dec 2013 20:28:33 +0000
-
zziplib (0.13.56-1.1ubuntu1) saucy; urgency=low
* Update config.{guess,sub}.
-- Matthias Klose <email address hidden> Tue, 23 Jul 2013 14:16:21 +0200
