Hi,

On Fri, 6 Mar 2026 09:45:53 +0100 Sylvain Beucler <[email protected]> wrote:
> As the full debdiff is very noisy due to all the new upstream code, care was taken to create a step-by-step minimal import on top of v22, for review:
> https://salsa.debian.org/debian/7zip/-/tree/debian/bookworm

I meant to link the recent commit history:
https://salsa.debian.org/debian/7zip/-/commits/debian/bookworm

I also improved the changelog with CVE short description and BTS link:

- CVE-2023-31102: Ppmd7.c allows an integer underflow and invalid read operation via a crafted 7Z archive.
- CVE-2023-40481: SquashFS File Parsing Out-Of-Bounds Write RCE
- CVE-2024-11612: CopyCoder Infinite Loop Denial-of-Service
- CVE-2025-11001: ZIP File Parsing Directory Traversal RCE
- CVE-2025-11002: ZIP File Parsing Directory Traversal RCE
- CVE-2025-53817: null pointer dereference in the Compound handler may lead to denial of service
- CVE-2025-55188: does not always properly handle symbolic links during extraction. (Closes: #1111068)

Should I upload? :)

Cheers!
Sylvain Beucler
Debian LTS Team

