Format: 1.8 Date: Fri, 08 Apr 2022 07:04:04 -0400 Source: gzip Binary: gzip Built-For-Profiles: noudeb Architecture: riscv64 Version: 1.10-4ubuntu1.1 Distribution: impish Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gzip - GNU compression utilities Changes: gzip (1.10-4ubuntu1.1) impish-security; urgency=medium . * SECURITY UPDATE: arbitrary file override with crafted file names - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in. - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse. - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in. - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in. - debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in. - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in. - debian/rules: fix permissions on new test scripts. - CVE-2022-1271 Checksums-Sha1: f33cce8b46f44027950e70b5a4ff668dfb2abec1 106414 gzip-dbgsym_1.10-4ubuntu1.1_riscv64.ddeb 32a7d21446d0c5af5cb2098b4aa46e26153480e1 6009 gzip_1.10-4ubuntu1.1_riscv64.buildinfo b0ce0d6bbdf69bf33c352c2954951bff4e892c29 95364 gzip_1.10-4ubuntu1.1_riscv64.deb Checksums-Sha256: 2b4cc7cbf329642b36dbb444e79b7ddeb93d0119be62407958690c47538d604f 106414 gzip-dbgsym_1.10-4ubuntu1.1_riscv64.ddeb ebb06f5d616d642730dd7b1a98191a86cd26d102f53c9ca4814c31a2635731b9 6009 gzip_1.10-4ubuntu1.1_riscv64.buildinfo aca259fe71e88fdfdbf36436cd663bd1ad1d1a346533ebb2c04b651e4772d4ec 95364 gzip_1.10-4ubuntu1.1_riscv64.deb Files: e1e3abb00ec3e19ec89661ec1f5ebf78 106414 debug optional gzip-dbgsym_1.10-4ubuntu1.1_riscv64.ddeb ff55d0f75ebf9e8f66a5aca72c00fd42 6009 utils required gzip_1.10-4ubuntu1.1_riscv64.buildinfo e7233a836f9f418cf91ccb4ce167402d 95364 utils required gzip_1.10-4ubuntu1.1_riscv64.deb Original-Maintainer: Milan Kupcevic