Package: unzip / 6.0-16

Metadata

Package Version Patches format
unzip 6.0-16 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 manpages in section 1 not in section 1l | (download)

man/funzip.1 | 8 4 + 4 - 0 !
man/unzip.1 | 24 12 + 12 - 0 !
man/unzipsfx.1 | 32 16 + 16 - 0 !
man/zipgrep.1 | 8 4 + 4 - 0 !
man/zipinfo.1 | 10 5 + 5 - 0 !
5 files changed, 41 insertions(+), 41 deletions(-)

 
 in debian, manpages are in section 1, not in section 1l
X-Debian-version: 5.52-3
02 branding patch this is debian unzip | (download)

unzip.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 
 "branding patch": unzip by debian. original by info-zip.
X-Debian-version: 5.52-5
03 include unistd for kfreebsd | (download)

unix/unxcfg.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 
 #include <unistd.h> for kfreebsd
Bug-Debian: http://bugs.debian.org/340693
X-Debian-version: 5.52-8
04 handle pkware verification bit | (download)

process.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 
 handle the pkware verification bit of internal attributes
Bug-Debian: http://bugs.debian.org/630078
X-Debian-version: 6.0-5
05 fix uid gid handling | (download)

process.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 
 restore uid and gid information when requested
Bug-Debian: http://bugs.debian.org/689212
X-Debian-version: 6.0-8
06 initialize the symlink flag | (download)

process.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 
 initialize the symlink flag
Bug-Debian: http://bugs.debian.org/717029
X-Debian-version: 6.0-10
07 increase size of cfactorstr | (download)

list.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 increase size of cfactorstr array to avoid buffer overflow
Bug-Debian: http://bugs.debian.org/741384
X-Debian-version: 6.0-11
08 allow greater hostver values | (download)

zipinfo.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 zipinfo.c: do not crash when hostver byte is >= 100
09 cve 2014 8139 crc overflow | (download)

extract.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 
 fix cve-2014-8139: crc32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722
10 cve 2014 8140 test compr eb | (download)

extract.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 
 fix cve-2014-8140: out-of-bounds write issue in test_compr_eb()
Bug-Debian: http://bugs.debian.org/773722
11 cve 2014 8141 getzip64data | (download)

fileio.c | 9 8 + 1 - 0 !
process.c | 68 51 + 17 - 0 !
2 files changed, 59 insertions(+), 18 deletions(-)

 
 fix cve-2014-8141: out-of-bounds read issues in getzip64data()
Bug-Debian: http://bugs.debian.org/773722
12 cve 2014 9636 test compr eb | (download)

extract.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 
 info-zip unzip buffer overflow
Bug-Debian: http://bugs.debian.org/776589

By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.

This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.