[Bug 1820524] Re: Sync zziplib 0.13.62-3.2 (main) from Debian unstable (main)

Mon, 18 Mar 2019 02:31:08 -0700 

This bug was fixed in the package zziplib - 0.13.62-3.2
Sponsored for Logan Rosen (logan)

---------------
zziplib (0.13.62-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
  * Reject the ZIP file and report it as corrupt if the size of the central
    directory and/or the offset of start of central directory point beyond the
    end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
    (Closes: #889089)
  * bus error in zzip_disk_findfirst function in zzip/mmapped.c
    (CVE-2018-6540) (Closes: #923659)
  * out of bound read in mmapped.c:zzip_disk_fread() causes crash
    (CVE-2018-7725) (Closes: #913165)
  * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
    zip file (CVE-2018-7726) (Closes: #913165)
  * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
    (CVE-2018-16548) (Closes: #910335)

 -- Salvatore Bonaccorso <car...@debian.org>  Mon, 04 Mar 2019 22:43:14
+0100

** Changed in: zziplib (Ubuntu)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16548

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6381

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6484

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6540

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6541

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6869

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7725

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-7726

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1820524

Title:
  Sync zziplib 0.13.62-3.2 (main) from Debian unstable (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zziplib/+bug/1820524/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to