Package: unzip / 6.0-23+deb10u2
Metadata
Package | Version | Patches format |
---|---|---|
unzip | 6.0-23+deb10u2 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
01 manpages in section 1 not in section 1l.patch | man/funzip.1: 8 (4 + 4 - 0 !) | In Debian, manpages are in section 1, not in section 1l. X-Debian-version: 5.52-3 |
02 this is debian unzip.patch | unzip.c: 3 (1 + 2 - 0 !) | "Branding patch": unzip by Debian. Original by Info-ZIP. X-Debian-version: 5.52-5 |
03 include unistd for kfreebsd.patch | unix/unxcfg.h: 1 (1 + 0 - 0 !) | #include <unistd.h> for kFreeBSD. Bug-Debian: https://bugs.debian.org/340693 X-Debian-version: 5.52-8 |
04 handle pkware verification bit.patch | process.c: 7 (7 + 0 - 0 !) | Handle the PKWARE verification bit of internal attributes. Bug-Debian: https://bugs.debian.org/630078 X-Debian-version: 6.0-5 |
05 fix uid gid handling.patch | process.c: 6 (3 + 3 - 0 !) | Restore uid and gid information when requested. Bug-Debian: https://bugs.debian.org/689212 X-Debian-version: 6.0-8 |
06 initialize the symlink flag.patch | process.c: 6 (6 + 0 - 0 !) | Initialize the symlink flag. Bug-Debian: https://bugs.debian.org/717029 X-Debian-version: 6.0-10 |
07 increase size of cfactorstr.patch | list.c: 2 (1 + 1 - 0 !) | Increase size of cfactorstr array to avoid buffer overflow. Bug-Debian: https://bugs.debian.org/741384 X-Debian-version: 6.0-11 |
08 allow greater hostver values.patch | zipinfo.c: 2 (1 + 1 - 0 !) | zipinfo.c: do not crash when hostver byte is >= 100 |
09 cve 2014 8139 crc overflow.patch | extract.c: 17 (14 + 3 - 0 !) | Fix CVE-2014-8139: CRC32 verification heap-based overflow. Bug-Debian: https://bugs.debian.org/773722 |
10 cve 2014 8140 test compr eb.patch | extract.c: 13 (10 + 3 - 0 !) | Fix CVE-2014-8140: out-of-bounds write issue in test_compr_eb(). Bug-Debian: https://bugs.debian.org/773722 |
11 cve 2014 8141 getzip64data.patch | fileio.c: 9 (8 + 1 - 0 !) | Fix CVE-2014-8141: out-of-bounds read issues in getzip64data(). Bug-Debian: https://bugs.debian.org/773722 |
12 cve 2014 9636 test compr eb.patch | extract.c: 10 (10 + 0 - 0 !) | Info-ZIP unzip buffer overflow. Bug-Debian: https://bugs.debian.org/776589 By carefully crafting a corrupt ZIP archive with "extra fields" that purport to have compressed blocks larger than the corresponding uncompressed blocks in STORED no-compression mode, an attacker can trigger a heap overflow that can result in application crash or possibly have other unspecified impact. This patch ensures that when extra fields use STORED mode, the "compressed" and uncompressed block sizes match. |
13 remove build date.patch | unix/unix.c: 2 (1 + 1 - 0 !) | Remove build date. Bug-Debian: https://bugs.debian.org/782851 In order to make unzip build reproducibly, we remove the (already optional) build date from the binary. |
14 cve 2015 7696.patch | crypt.c: 12 (11 + 1 - 0 !) | Upstream fix for heap overflow. Bug-Debian: https://bugs.debian.org/802162 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 |
15 cve 2015 7697.patch | extract.c: 6 (6 + 0 - 0 !) | Fix infinite loop when extracting empty bzip2 data. Bug-Debian: https://bugs.debian.org/802160 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 |
16 fix integer underflow csiz decrypted.patch | extract.c: 11 (10 + 1 - 0 !) | [patch] extract: prevent unsigned overflow on invalid input |
17 restore unix timestamps accurately.patch | process.c: 11 (7 + 4 - 0 !) | Do not ignore extra fields containing Unix timestamps. Bug-Debian: https://bugs.debian.org/842993 X-Debian-version: 6.0-21 |
18 cve 2014 9913 unzip buffer overflow.patch | list.c: 13 (12 + 1 - 0 !) | Fix CVE-2014-9913, buffer overflow in unzip. Bug: https://sourceforge.net/p/infozip/bugs/27/ Bug-Debian: https://bugs.debian.org/847485 Bug-Ubuntu: https://launchpad.net/bugs/387350 X-Debian-version: 6.0-21 |
19 cve 2016 9844 zipinfo buffer overflow.patch | zipinfo.c: 13 (12 + 1 - 0 !) | Fix CVE-2016-9844, buffer overflow in zipinfo. Bug-Debian: https://bugs.debian.org/847486 Bug-Ubuntu: https://launchpad.net/bugs/1643750 X-Debian-version: 6.0-21 |
20 cve 2018 1000035 unzip buffer overflow.patch | fileio.c: 14 (13 + 1 - 0 !) | Fix buffer overflow in password protected zip archives. Bug-Debian: https://bugs.debian.org/889838 |
21 fix warning messages on big files.patch | fileio.c: 1 (1 + 0 - 0 !) | Fix lame code in fileio.c. Bug-Debian: https://bugs.debian.org/929502 X-Debian-version: 6.0-23 |
22 cve 2019 13232 fix bug in undefer input.patch | fileio.c: 4 (3 + 1 - 0 !) | Fix bug in undefer_input() that misplaced the input state. |
23 cve 2019 13232 zip bomb with overlapped entries.patch | extract.c: 190 (189 + 1 - 0 !) | Detect and reject a zip bomb using overlapped entries. |
24 cve 2019 13232 do not raise alert for misplaced central directory.patch | extract.c: 25 (19 + 6 - 0 !) | Do not raise a zip bomb alert for a misplaced central directory. |
25 cve 2019 13232 fix bug in uzbunzip2.patch | extract.c: 2 (1 + 1 - 0 !) | Fix bug in uzbunzip2() that incorrectly updated g.incnt |
26 cve 2019 13232 fix bug in uzinflate.patch | inflate.c: 2 (1 + 1 - 0 !) | Fix bug in uzinflate() that incorrectly updated g.incnt. |