Package        : unzip
Version        : 6.0-4+deb6u1
CVE ID         : CVE-2014-8139 CVE-2014-8140 CVE-2014-8141
Debian Bug     : 773722

Michele Spagnuolo of the Google Security Team discovered that unzip, an extraction utility for archives compressed in .zip format, is affected by heap-based buffer overflows within the CRC32 verification function (CVE-2014-8139), the test_compr_eb() function (CVE-2014-8140) and the getZip64Data() function (CVE-2014-8141), which may lead to the execution of arbitrary code.
