Bug#776258: unblock: minizip/1.1-5

2015-01-25 Thread Michael Gilbert
Here is the diff between testing and unstable.
diff -Nru minizip-1.1/debian/changelog minizip-1.1/debian/changelog
--- minizip-1.1/debian/changelog	2014-06-28 20:09:22.0 +
+++ minizip-1.1/debian/changelog	2015-01-26 00:37:35.0 +
@@ -1,3 +1,16 @@
+minizip (1.1-5) unstable; urgency=medium
+
+  * Complete fix for CVE-2014-9485: also handle relative path directory
+traversal condition (closes: #774321).
+
+ -- Michael Gilbert   Mon, 26 Jan 2015 00:35:05 +
+
+minizip (1.1-4) unstable; urgency=medium
+
+  * Fix a directory traversal issue in miniunzip (closes: #774321).
+
+ -- Michael Gilbert   Wed, 31 Dec 2014 21:14:01 +
+
 minizip (1.1-3) unstable; urgency=medium
 
   * Conflict with libkml-dev (closes: #752926).
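Review bot: the 1.1-4 entry ("Fix a directory traversal issue in miniunzip") names no CVE and does not say which traversal case it covered, while the 1.1-5 entry reuses `closes: #774321` and calls itself the "Complete fix for CVE-2014-9485". Add the CVE id to the 1.1-4 entry as well and say in one of the two entries which condition the earlier upload handled, so that anyone reading the changelog can tell that 1.1-4 alone is an incomplete fix and that the bug was closed twice on purpose.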
diff -Nru minizip-1.1/debian/patches/series minizip-1.1/debian/patches/series
--- minizip-1.1/debian/patches/series	2014-06-08 05:50:21.0 +
+++ minizip-1.1/debian/patches/series	2014-12-31 21:28:42.0 +
@@ -1 +1,2 @@
 automake.patch
+traversal.patch
diff -Nru minizip-1.1/debian/patches/traversal.patch minizip-1.1/debian/patches/traversal.patch
--- minizip-1.1/debian/patches/traversal.patch	1970-01-01 00:00:00.0 +
+++ minizip-1.1/debian/patches/traversal.patch	2015-01-26 00:38:04.0 +
@@ -0,0 +1,16 @@
+description: fix directory traversal issue in miniunzip
+author: Michael Gilbert 
+Bug-Debian: https://bugs.debian.org/774321
+
+--- a/miniunz.c
 b/miniunz.c
+@@ -354,6 +354,9 @@ int do_extract_currentfile(uf,popt_extra
+ else
+ write_filename = filename_withoutpath;
+ 
++while (write_filename[0]=='/' || write_filename[0]=='.')
++write_filename++;
++
+ err = unzOpenCurrentFilePassword(uf,password);
+ if (err!=UNZ_OK)
+ {
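Review bot: the added loop `while (write_filename[0]=='/' || write_filename[0]=='.') write_filename++;` only strips characters from the start of the name, so a `..` component that appears after the first directory of the stored path is not touched by these lines. On the branch where the full path is kept, validate every path component and refuse any that is `..`, rather than trimming the prefix. Two side effects are also worth handling: a legitimate entry whose name begins with a dot loses that dot (a name such as `.config` would be written as `config`), and an entry consisting only of `/` and `.` characters leaves `write_filename` pointing at the terminating NUL, so an empty-name check is needed before the call to `unzOpenCurrentFilePassword`. The patch header's description line could also mention the relative-path case that the 1.1-5 changelog entry refers to.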


Bug#776258: unblock: minizip/1.1-5

2015-01-25 Thread Michael Gilbert
Package: release.debian.org
User: release.debian@packages.debian.org
Usertags: unblock
Severity: normal

Please consider unblocking minizip.  It fixes a directory traversal
security flaw (bug #774321).

unblock minizip/1.1-5

