Format: 1.8 Date: Fri, 08 Apr 2022 07:12:17 -0400 Source: gzip Binary: gzip gzip-win32 Architecture: s390x Version: 1.6-5ubuntu1.2 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gzip - GNU compression utilities gzip-win32 - GNU compression utility (win32 build) Changes: gzip (1.6-5ubuntu1.2) bionic-security; urgency=medium . * SECURITY UPDATE: arbitrary file override with crafted file names - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in. - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse. - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in. - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in. - debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in. - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in. - debian/rules: fix permissions on new test scripts. - CVE-2022-1271 Checksums-Sha1: d0fa1bc61bfc55d7762add6f77ff084904186995 103468 gzip-dbgsym_1.6-5ubuntu1.2_s390x.ddeb 2defa22188bb59fe445d111332b2f800cfcfe173 5541 gzip_1.6-5ubuntu1.2_s390x.buildinfo 44d1a521322bf85a3da1086f8048e6897ea5f1e6 87744 gzip_1.6-5ubuntu1.2_s390x.deb Checksums-Sha256: a575679a29d95874286688c460e96b9a87aaf7e5057c89e9e6d0849d9d89e242 103468 gzip-dbgsym_1.6-5ubuntu1.2_s390x.ddeb 78a53a6178e9cb1b624ba4c103e94ccf46c29c684546f8197e26481263e8a722 5541 gzip_1.6-5ubuntu1.2_s390x.buildinfo 0789af2770c5d95585ecdad7ef4053cf957308265edfae30f55475f1bac4a50c 87744 gzip_1.6-5ubuntu1.2_s390x.deb Files: 7c429b05060a36e9d3e935a1120e2025 103468 debug optional gzip-dbgsym_1.6-5ubuntu1.2_s390x.ddeb 60c0ca53e7f8269d64eafb85bf0cf46b 5541 utils required gzip_1.6-5ubuntu1.2_s390x.buildinfo df337294afb01f64eb7fdc5a2b11c2ed 87744 utils required gzip_1.6-5ubuntu1.2_s390x.deb Original-Maintainer: Bdale Garbee