Ubuntu
unzip package

Change logs for unzip source package in Wily

  1. Wily (15.10)
  2. Change log 
  • unzip (6.0-17ubuntu1.2) wily-security; urgency=medium

  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

 -- Marc Deslauriers <email address hidden>  Mon, 09 Nov 2015 09:08:12 -0600
  • unzip (6.0-17ubuntu1.1) wily-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow
    - debian/patches/14-cve-2015-7696: add check to crypt.c.
    - CVE-2015-7696
  * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
    - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
    - CVE-2015-7697
  * SECURITY UPDATE: unsigned overflow on invalid input
    - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
      csiz_decrypted doesn't overflow in extract.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Thu, 29 Oct 2015 10:15:00 -0400
  • unzip (6.0-17ubuntu1) wily; urgency=medium

  * Resynchronise with Debian. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

unzip (6.0-17) unstable; urgency=medium

  * Switch to dh.
  * Remove build date embedded in binary to make the build reproducible.
    Thanks to Jérémy Bobbio <email address hidden>. Closes: #782851.

unzip (6.0-16) unstable; urgency=medium

  * Update 09-cve-2014-8139-crc-overflow to fix CVE-2014-8139
    the right way (patch by the author). Closes: #775640.
  * Update 10-cve-2014-8140-test-compr-eb to apply cleanly.
  * Update 12-cve-2014-9636-test-compr-eb to follow the extract.c
    file from the author.

unzip (6.0-15) unstable; urgency=medium

  * Fix heap overflow. Ensure that compressed and uncompressed
    block sizes match when using STORED method in extract.c.
    Patch taken from Ubuntu. Thanks a lot. Closes: #776589.
    For reference, this is CVE-2014-9636.

unzip (6.0-14) unstable; urgency=medium

  * Drop -O2 optimization on armhf as a workaround for gcc Bug #764732.
    Closes: #773785.

 -- Marc Deslauriers <email address hidden>  Fri, 22 May 2015 12:31:51 -0400
  • unzip (6.0-13ubuntu3) vivid; urgency=medium

  * SECURITY UPDATE: heap overflow in charset_to_intern()
    - debian/patches/20-unzip60-alt-iconv-utf8: updated to fix buffer
      overflow in unix/unix.c.
    - CVE-2015-1315
  * SECURITY REGRESSION: regression with executable jar files
    - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      regression.
  * SECURITY REGRESSION: regression with certain compressed data headers
    - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
      regression.
 -- Marc Deslauriers <email address hidden>   Tue, 17 Feb 2015 14:22:58 -0500