unzip (6.0-28) unstable; urgency=medium
* Drop debian/source/lintian-overrides, obsolete since version 6.0-18.
* Update URI for Info-ZIP license in copyright file.
* Update standards version to 4.6.2.
* Run wrap-and-sort.
* Update Homepage.
-- Santiago Vila <sanvila@debian.org> Sun, 19 Feb 2023 19:02:00 +0100
unzip (6.0-27) unstable; urgency=medium
* Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
- Fix null pointer dereference on invalid UTF-8 input.
- Fix wide string conversion in process.c.
Closes: #1010355.
-- Santiago Vila <sanvila@debian.org> Tue, 02 Aug 2022 19:05:00 +0200
unzip (6.0-26) unstable; urgency=medium
* Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996.
- Fix bug in UZbunzip2() that incorrectly updated G.incnt.
- Fix bug in UZinflate() that incorrectly updated G.incnt.
* Avoid weird zipgrep errors when no members are present.
Thanks to Kevin Locke. Closes: #972233.
* Update dependency on debhelper.
-- Santiago Vila <sanvila@debian.org> Sun, 10 Jan 2021 15:34:00 +0100
unzip (6.0-25) unstable; urgency=medium
* Apply one more patch by Mark Adler:
- Do not raise a zip bomb alert for a misplaced central directory.
This should allow Firefox to build again. Closes: #932404.
Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.
-- Santiago Vila <sanvila@debian.org> Sat, 27 Jul 2019 18:01:36 +0200
unzip (6.0-24) unstable; urgency=medium
* Apply two patches by Mark Adler:
- Fix bug in undefer_input() that misplaced the input state.
- Detect and reject a zip bomb using overlapped entries. Closes: #931433.
Bug discovered by David Fifield. For reference, this is CVE-2019-13232.
-- Santiago Vila <sanvila@debian.org> Thu, 11 Jul 2019 18:03:34 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog unzip`.
Generated by dwww version 1.15 on Thu May 23 22:40:36 CEST 2024.