unzip (6.0-4ubuntu2.4) precise-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution via
heap overflow
- debian/patches/14-cve-2015-7696: add check to crypt.c.
- CVE-2015-7696
* SECURITY UPDATE: infinite loop when extracting empty bzip2 data
- debian/patches/15-cve-2015-7697: check for empty input in extract.c.
- CVE-2015-7697
* SECURITY UPDATE: unsigned overflow on invalid input
- debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
csiz_decrypted doesn't overflow in extract.c.
- No CVE number
Date: 2015-10-29 14:39:42.517086+00:00
Changed-By: Marc Deslauriers <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/unzip/6.0-4ubuntu2.4
Sorry, changesfile not available.
--
Precise-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/precise-changes
