Format: 1.8 Date: Fri, 08 Apr 2022 07:12:17 -0400 Source: gzip Binary: gzip gzip-win32 Architecture: arm64 Version: 1.6-5ubuntu1.2 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gzip - GNU compression utilities gzip-win32 - GNU compression utility (win32 build) Changes: gzip (1.6-5ubuntu1.2) bionic-security; urgency=medium . * SECURITY UPDATE: arbitrary file override with crafted file names - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in. - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse. - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in. - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in. - debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in. - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in. - debian/rules: fix permissions on new test scripts. - CVE-2022-1271 Checksums-Sha1: 0545b218a5893e85f4f00443dadff45700f2741f 103272 gzip-dbgsym_1.6-5ubuntu1.2_arm64.ddeb 1a7c418d4fdbd3cc46d4d605344d0b3d36f46320 5615 gzip_1.6-5ubuntu1.2_arm64.buildinfo bce943e714244264e5fd985d3b235ff0a7f17d3a 82616 gzip_1.6-5ubuntu1.2_arm64.deb Checksums-Sha256: 415a0541eb7cd52552a7abd24bc0db2b29c910c725ada585f8a385d7c4971057 103272 gzip-dbgsym_1.6-5ubuntu1.2_arm64.ddeb 56c433c7e347228bb174aa8fac04ff27225f9cec0770de193cd98b92f7627b73 5615 gzip_1.6-5ubuntu1.2_arm64.buildinfo ad5159b131ad3d1c59d1fac48502f1cf1e3493351e0c4c79e327e9a30b8a19c3 82616 gzip_1.6-5ubuntu1.2_arm64.deb Files: 12f067efabaadc3e0bb6148ee0a65f27 103272 debug optional gzip-dbgsym_1.6-5ubuntu1.2_arm64.ddeb a7dd3392757eee02355470b8467cee0f 5615 utils required gzip_1.6-5ubuntu1.2_arm64.buildinfo 9c4cb0429e680ac98af9ce6c54dce87c 82616 utils required gzip_1.6-5ubuntu1.2_arm64.deb Original-Maintainer: Bdale Garbee