This bug was fixed in the package zip - 3.0-15ubuntu1
---------------
zip (3.0-15ubuntu1) questing; urgency=medium
* Merge with Debian unstable (LP: #2110052).
Remaining changes:
- d/t: add some basic smoke test
Can be dropped when Debian bug 1104090 makes progress.
Dropped changes (upstreamed in Debian):
- d/p/13-buffer-overflow.patch: Fix buffer overflow when filename contains
unicode characters (LP 2062535)
- d/p/14-buffer-overflow.patch:
Fix buffer overflow when invoked with `-T -TT` (LP 2093024)
zip (3.0-15) unstable; urgency=medium
* Add debian/source/lintian-overrides for *.a files.
* Fix manpage typo: RISC OS/2 -> OS/2. Closes: #1092811.
* Fix buffer overflow when filename contains unicode characters.
Closes: #1077054, #1093629.
* Fix buffer overflow when using '-T -TT'. Closes: #903196, #1093629.
This is CVE-2018-13410. CVE note: Negligible security impact, would
involve that a untrusted party controls the -TT value.
* Fix symlink update detection. Closes: #1005943.
* Add Vcs-Git and Vcs-Browser fields.
* Update Standards-Version.
* Add debian/salsa-ci.yml.
-- Florent 'Skia' Jacquet <[email protected]> Tue, 06 May
2025 16:51:29 +0200
** Changed in: zip (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13410
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2110052
Title:
Merge 3.0-15 into questing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zip/+bug/2110052/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
