Control: tags -1 + pending Hi,
The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch. Thanks for your contribution! Upload details ============== Package: zziplib Version: 0.13.62-3.2~deb9u1 Explanation: fix invalid memory access in zzip_disk_fread [CVE-2018-6381], bus error in zzip_disk_findfirst function in zzip/mmapped.c [CVE-2018-6540], out of bound read in mmapped.c:zzip_disk_fread() [CVE-2018-7725], Bus error in zip.c:__zzip_parse_root_directory[] cause crash via crafted zip file [CVE-2018-7726], memory leak triggered in the function __zzip_parse_root_directory in zip.c [CVE-2018-16548]; reject ZIP file if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file [CVE-2018-6484, CVE-2018-6541, CVE-2018-6869]
