Format: 1.8
Date: Fri, 29 Jun 2018 12:27:57 -0400
Source: zziplib
Binary: zziplib-bin libzzip-0-13 libzzip-dev
Architecture: amd64
Version: 0.13.62-3ubuntu0.16.04.2
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-003.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libzzip-0-13 - library providing read access on ZIP-archives - library
 libzzip-dev - library providing read access on ZIP-archives - development
 zziplib-bin - library providing read access on ZIP-archives - binaries
Changes:
 zziplib (0.13.62-3ubuntu0.16.04.2) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: invalid mem access in zzip_disk_fread
     - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
     - CVE-2018-6381
   * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
     - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
     - CVE-2018-6484
     - CVE-2018-6541
     - CVE-2018-6869
   * SECURITY UPDATE: bus error in zzip_disk_findfirst
     - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
     - CVE-2018-6540
   * SECURITY UPDATE: invalid memory dereference
     - debian/patches/CVE-2018-7725.patch: check zlib space in
       zzip/memdisk.c, zzip/mmapped.c.
     - CVE-2018-7725
   * SECURITY UPDATE: bus error in __zzip_parse_root_directory
     - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
       zzip/zip.c.
     - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
     - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
       zzip/zip.c.
     - CVE-2018-7726
Checksums-Sha1:
 cad82b16c54e85a02bd5325c8cd909b7ca4fcfa8 26144 libzzip-0-13_0.13.62-3ubuntu0.16.04.2_amd64.deb
 081fe21eca245996fcdeb37b8d61c307846e9b6e 80820 libzzip-dev_0.13.62-3ubuntu0.16.04.2_amd64.deb
 7be157126863da0aecc6aac6096a7ce313ae8cb0 10506 zziplib-bin_0.13.62-3ubuntu0.16.04.2_amd64.deb
Checksums-Sha256:
 2f1d3b7e077d6a9fa26a1982bf6eed9da25a460ff293c1900055ca1422652840 26144 libzzip-0-13_0.13.62-3ubuntu0.16.04.2_amd64.deb
 bcd184d8076b3d490feeae48dfdd6e8f3c76057d58e1ad8d73656c06c230020d 80820 libzzip-dev_0.13.62-3ubuntu0.16.04.2_amd64.deb
 e0abb1de93e3f21bab2d0ccc22956b6c07678c79f357c02431a48c4c4d1fe171 10506 zziplib-bin_0.13.62-3ubuntu0.16.04.2_amd64.deb
Files:
 505b014918c873e8514d4f8d5aed8e01 26144 libs optional libzzip-0-13_0.13.62-3ubuntu0.16.04.2_amd64.deb
 43823e6c0f970f2ce42d28da6af686ef 80820 libdevel optional libzzip-dev_0.13.62-3ubuntu0.16.04.2_amd64.deb
 e6e80480143497fb15fe77e467ce653b 10506 utils optional zziplib-bin_0.13.62-3ubuntu0.16.04.2_amd64.deb
Original-Maintainer: Scott Howard <showard@debian.org>