unzip (6.0-28) unstable; urgency=medium * Drop debian/source/lintian-overrides, obsolete since version 6.0-18. * Update URI for Info-ZIP license in copyright file. * Update standards version to 4.6.2. * Run wrap-and-sort. * Update Homepage. -- Santiago Vila <sanvila@debian.org> Sun, 19 Feb 2023 19:02:00 +0100 unzip (6.0-27) unstable; urgency=medium * Apply upstream patch for CVE-2022-0529 and CVE-2022-0530. - Fix null pointer dereference on invalid UTF-8 input. - Fix wide string conversion in process.c. Closes: #1010355. -- Santiago Vila <sanvila@debian.org> Tue, 02 Aug 2022 19:05:00 +0200 unzip (6.0-26) unstable; urgency=medium * Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996. - Fix bug in UZbunzip2() that incorrectly updated G.incnt. - Fix bug in UZinflate() that incorrectly updated G.incnt. * Avoid weird zipgrep errors when no members are present. Thanks to Kevin Locke. Closes: #972233. * Update dependency on debhelper. -- Santiago Vila <sanvila@debian.org> Sun, 10 Jan 2021 15:34:00 +0100 unzip (6.0-25) unstable; urgency=medium * Apply one more patch by Mark Adler: - Do not raise a zip bomb alert for a misplaced central directory. This should allow Firefox to build again. Closes: #932404. Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now. -- Santiago Vila <sanvila@debian.org> Sat, 27 Jul 2019 18:01:36 +0200 unzip (6.0-24) unstable; urgency=medium * Apply two patches by Mark Adler: - Fix bug in undefer_input() that misplaced the input state. - Detect and reject a zip bomb using overlapped entries. Closes: #931433. Bug discovered by David Fifield. For reference, this is CVE-2019-13232. -- Santiago Vila <sanvila@debian.org> Thu, 11 Jul 2019 18:03:34 +0200 # Older entries have been removed from this changelog. # To read the complete changelog use `apt changelog unzip`.
Generated by dwww version 1.15 on Sun Jun 16 16:02:24 CEST 2024.