Format: 1.8
Date: Fri, 08 Apr 2022 07:12:17 -0400
Source: gzip
Binary: gzip gzip-win32
Architecture: amd64 all
Version: 1.6-5ubuntu1.2
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@ubuntu>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 gzip       - GNU compression utilities
 gzip-win32 - GNU compression utility (win32 build)
Changes:
 gzip (1.6-5ubuntu1.2) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: arbitrary file override with crafted file names
     - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline
       file names in zgrep.in.
     - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am,
       tests/zgrep-abuse.
     - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
     - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in
       gzexe.in.
     - debian/patches/CVE-2022-1271-5.patch: use C locale more often in
       gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
     - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches"
       mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
     - debian/rules: fix permissions on new test scripts.
     - CVE-2022-1271
Checksums-Sha1:
 f298c23f40bce758e64c0e4e9549d7694edee308 103040 gzip-dbgsym_1.6-5ubuntu1.2_amd64.ddeb
 dc6a9f391d515f9516a7c0b69795b89a3c86407d 68988 gzip-win32_1.6-5ubuntu1.2_all.deb
 8dfa6ff9722dac3c80b3641283bfb185ab33d396 6583 gzip_1.6-5ubuntu1.2_amd64.buildinfo
 f2570dc79ae7aa4753c8ab94aa30cc48166e6509 90316 gzip_1.6-5ubuntu1.2_amd64.deb
Checksums-Sha256:
 a50fa28a923d79c45e83fb3a1391a397c5d0398ef70a60aafa8a1dfec101fca5 103040 gzip-dbgsym_1.6-5ubuntu1.2_amd64.ddeb
 65885233aea1f5d722b532c4d8541537e55989d96ae3e290fd0f778ad8cc6535 68988 gzip-win32_1.6-5ubuntu1.2_all.deb
 ab1ac69a42416796af5a2df1b0b41dd40ad5b547503117363a977527d0d36fc1 6583 gzip_1.6-5ubuntu1.2_amd64.buildinfo
 322f7a25fb281d27526661f672efec1b4e310c4140730a67aa26b59b98950ae3 90316 gzip_1.6-5ubuntu1.2_amd64.deb
Files:
 824e4c13f4f641e0da5aa59dda363ba0 103040 debug optional gzip-dbgsym_1.6-5ubuntu1.2_amd64.ddeb
 dea5c250f323d3d5f3d61c1ac7aa7985 68988 utils extra gzip-win32_1.6-5ubuntu1.2_all.deb
 c8f04e8d50eb82c1289cc8fb35d73ae6 6583 utils required gzip_1.6-5ubuntu1.2_amd64.buildinfo
 b43bc49a1bdb302bc1718fe72a5dbf0d 90316 utils required gzip_1.6-5ubuntu1.2_amd64.deb
Original-Maintainer: Bdale Garbee <bdale@gag.com>