More information from Timo Warns: - Only libzip 0.10 is affected. - Stefan Cornelius has identified the precise commits that introduced the vulnerabilities: https://bugzilla.redhat.com/show_bug.cgi?id=802564 https://bugzilla.redhat.com/show_bug.cgi?id=803028 - As PHP and zipruby include older versions of libzip, they are not affected by the issues.
-- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
