Package: unzip
Version: 6.0-25
Severity: normal
File: /usr/bin/unzip

Dear Maintainer,

When using unzip to attempt to extract a zip file containing certain
bzip2-compressed files, unzip fails after extracting the first file with the
error, "not enough memory for bomb detection". Versions without the bomb
detection patches seem to have no problems handling bzip2 decompression. Not
all bzip2-compressed files produce this error.

To test this, I compressed the files "zip.h" and "zipinfo.c" from the
unpatched unzip sources with the command
"zip -Z bzip2 test.zip zip.h zipinfo.c", moved test.zip, and attempted to
extract with "unzip test.zip". This resulted in zip.h getting extracted,
followed by the aforementioned error message. zipinfo.c was not extracted.
Changing the order of the files to "zip -Z bzip2 test.zip zipinfo.c zip.h"
resulted in both files being extracted, with the error once again after zip.h.
Compressing each file by itself also resulted in an error when extracting
zip.h, albeit with the file being produced successfully, and no problems with
zipinfo.c.


-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.6.0-2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unzip depends on:
ii  libbz2-1.0  1.0.8-3
ii  libc6       2.30-8

unzip recommends no packages.

Versions of packages unzip suggests:
ii  zip  3.0-11+b1

-- no debconf information
