Your message dated Thu, 22 Oct 2015 10:23:07 +0000
with message-id <[email protected]>
and subject line Bug#802162: fixed in unzip 6.0-19
has caused the Debian Bug report #802162,
regarding CVE-2015-7696: unzip: Heap buffer overflow when extracting
password-protected archive
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
802162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802162
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: unzip
Version: 6.0-18
Severity: normal
Tags: security
A heap overflow triggered by unzipping a password-protected file has been found
in unzip. A proof-of-concept file can be downloaded from:
http://seclists.org/oss-sec/2015/q3/att-512/sigxcpu_zip.bin (unzip -p
-P x sigsegv.zip).
Announcement: http://www.openwall.com/lists/oss-security/2015/09/07/4
--
Henri Salo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
=UsPo
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: unzip
Source-Version: 6.0-19
We believe that the bug you reported is fixed in the latest version of
unzip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated unzip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 22 Oct 2015 12:12:46 +0200
Source: unzip
Binary: unzip
Architecture: source
Version: 6.0-19
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Description:
unzip - De-archiver for .zip files
Closes: 802160 802162
Changes:
unzip (6.0-19) unstable; urgency=medium
.
* Fix infinite loop when extracting password-protected archive.
This is CVE-2015-7697. Closes: #802160.
* Fix heap overflow when extracting password-protected archive.
This is CVE-2015-7696. Closes: #802162.
* Fix additional unsigned overflow on invalid input.
* Thanks a lot to Raphaël Hertzog for the squeeze-lts release,
from which this upload is mainly derived.
Checksums-Sha1:
f0195938e7aa520a307870dfb7b24d6d5338ee1b 1329 unzip_6.0-19.dsc
e9365b87fff0d7c5c1888568b33bc88008f9b60c 16616 unzip_6.0-19.debian.tar.xz
Checksums-Sha256:
44ff301e56edc2dedc4b180d781966363b48ae613ca4b677876c17dd40243647 1329 unzip_6.0-19.dsc
1dbe8726dbb4ce7ac645e4700421d3a30650bd257ffe2271ac4be8dc4c939208 16616 unzip_6.0-19.debian.tar.xz
Files:
9aed6673bd2113f3ef6dc862a8541a8d 1329 utils optional unzip_6.0-19.dsc
eace08b51823c3cec0db075171184728 16616 utils optional unzip_6.0-19.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWKLbuAAoJEEHOfwufG4syynwH/jX+92YSPA3uUbKBv3MTEJI/
oXP4ffn+ibSIbhb0Uuwedi4ZadxCOG2JKvpdgw0sla6IGgPMRf3DMSIZ0feTz3lo
qUoeWt12OJu7w12borIbRaMC3RlgPa0xfQUENut5v+AIEtQhkQKQPrq8cYm3vuw/
2JECzZiND45oGe295jxaHBlrwRsfR80Kp19CRqjsLQNlXYS8Drpw68nDP92siI+g
8C5zA3ZN0n6ndzXrWOaFW/or2XTTvrX/0q8PJab8LYdPBn9Pqsp64qwKiwpx9cJp
u91tgGmIOuy6WVAir/6GCtEtffADKJ+0JD3SeUZq88qQmbl4wi5lHboh2A4RD6Q=
=5aUy
-----END PGP SIGNATURE-----
--- End Message ---
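The thread above names two versions: 6.0-18 (the reported, vulnerable package) and 6.0-19 (the upload that closes #802162). Deciding whether an installed package is at or past the fixing upload requires Debian's own version ordering, not plain string or float comparison (6.0-19 is newer than 6.0-2, a "~" pre-release sorts before its release, and an epoch overrides everything). The following is an added example written for this page, not code from the Debian project or from the bug thread; it implements the comparison rules from Debian Policy section 5.6.12 (the same algorithm `dpkg --compare-versions` applies) in pure Python so it runs without dpkg installed, and the `is_fixed` helper and its default fixed version `6.0-19` are this example's own assumptions taken from the changelog above.

```python
"""Debian package version comparison (Policy 5.6.12 / dpkg semantics).

Added example for this page, not Debian's code. Used here to check whether
an installed unzip is at or past 6.0-19, the upload that fixes CVE-2015-7696.
"""


def _is_digit(c: str) -> bool:
    # ASCII digits only; version strings never contain other numerals.
    return "0" <= c <= "9"


def _order(c: str) -> int:
    # Weight of one character inside a non-digit run, as dpkg defines it:
    # '~' sorts before everything (even the end of the string), letters sort
    # by code point, any other symbol sorts after all letters, and a digit or
    # the end of the string counts as 0.
    if c == "~":
        return -1
    if _is_digit(c):
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_part(a: str, b: str) -> int:
    """Compare one upstream_version or debian_revision field; returns -1/0/1."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # 1) compare the leading non-digit runs character by character
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return -1 if ac < bc else 1
            i += 1
            j += 1
        # 2) compare the following digit runs numerically (strip leading zeros,
        #    then the longer run wins, else the first differing digit decides)
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and _is_digit(a[i]) and _is_digit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _is_digit(a[i]):
            return 1
        if j < len(b) and _is_digit(b[j]):
            return -1
        if first_diff:
            return -1 if first_diff < 0 else 1
    return 0


def split_version(version: str):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision).

    A missing epoch is 0; a missing revision is the empty string, which the
    comparison treats the same as '0', matching dpkg.
    """
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    result = _cmp_part(ua, ub)
    if result:
        return result
    return _cmp_part(ra, rb)


def is_fixed(installed: str, fixed: str = "6.0-19") -> bool:
    """True when `installed` is at or past the fixing upload (assumed 6.0-19 here)."""
    return compare_versions(installed, fixed) >= 0


if __name__ == "__main__":
    # The two versions named in the bug thread.
    for v in ("6.0-18", "6.0-19", "6.0-19+deb8u1"):
        print(v, "fixed" if is_fixed(v) else "VULNERABLE")
```

One caveat a practitioner must keep in mind: the check is only meaningful within a single suite. The changelog credits a squeeze-lts release from which this upload was derived, and such backported security uploads carry version numbers below the unstable fix while still containing it, so a version comparison against 6.0-19 on a stable or LTS system would report a false "vulnerable". For those, compare against the fixed version published for that suite (from the security tracker or DSA/DLA), or read the package changelog directly.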