Format: 1.8 Date: Fri, 08 Apr 2022 07:12:17 -0400 Source: gzip Binary: gzip gzip-win32 Architecture: i386 Version: 1.6-5ubuntu1.2 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gzip - GNU compression utilities gzip-win32 - GNU compression utility (win32 build) Changes: gzip (1.6-5ubuntu1.2) bionic-security; urgency=medium . * SECURITY UPDATE: arbitrary file override with crafted file names - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in. - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse. - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in. - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in. - debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in. - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in. - debian/rules: fix permissions on new test scripts. - CVE-2022-1271 Checksums-Sha1: 59ec5f762dfe1f4df207e74f443448dea14cc876 95344 gzip-dbgsym_1.6-5ubuntu1.2_i386.ddeb 35272d1088111313b2281e3623bd29c7eb8c7b54 5643 gzip_1.6-5ubuntu1.2_i386.buildinfo 25daca921869c56815f62dbaaef6bf1c1f429c24 91568 gzip_1.6-5ubuntu1.2_i386.deb Checksums-Sha256: e71de6d9a148379f9a7d64d1e7350b2d16a07d31624a20cd7fb3a3d6d1880860 95344 gzip-dbgsym_1.6-5ubuntu1.2_i386.ddeb 765169f01d2d1abca9a0c2290cc8a39cebd3f2988a15711127e5c5a74d625677 5643 gzip_1.6-5ubuntu1.2_i386.buildinfo bd603c814ab99eb7d6c35c99b187e100c7cd742c5d4644f6162b60254f55e9fe 91568 gzip_1.6-5ubuntu1.2_i386.deb Files: 85a6a3524f3c1500b9c1bb931aaeadb4 95344 debug optional gzip-dbgsym_1.6-5ubuntu1.2_i386.ddeb 37c88e28c8b2d21db0930b9cfa7d67df 5643 utils required gzip_1.6-5ubuntu1.2_i386.buildinfo ad6e82a81277569627e792bffa67275b 91568 utils required gzip_1.6-5ubuntu1.2_i386.deb Original-Maintainer: Bdale Garbee