Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Hi Please unblock package libzip, it fixes CVE-2015-2331, #780756: > libzip (0.11.2-1.2) unstable; urgency=high > > * Non-maintainer upload. > * Add CVE-2015-2331.patch patch. > CVE-2015-2331: ZIP integer overflow leads to writing past heap boundary. > (Closes: #780756) > > -- Salvatore Bonaccorso <car...@debian.org> Fri, 20 Mar 2015 20:17:45 +0100 Attached is the full debdiff as well. unblock libzip/0.11.2-1.2 Regards, Salvatore -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
diff -Nru libzip-0.11.2/debian/changelog libzip-0.11.2/debian/changelog --- libzip-0.11.2/debian/changelog 2014-08-06 15:40:49.000000000 +0200 +++ libzip-0.11.2/debian/changelog 2015-03-20 20:18:20.000000000 +0100 @@ -1,3 +1,12 @@ +libzip (0.11.2-1.2) unstable; urgency=high + + * Non-maintainer upload. + * Add CVE-2015-2331.patch patch. + CVE-2015-2331: ZIP integer overflow leads to writing past heap boundary. + (Closes: #780756) + + -- Salvatore Bonaccorso <car...@debian.org> Fri, 20 Mar 2015 20:17:45 +0100 + libzip (0.11.2-1.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru libzip-0.11.2/debian/patches/CVE-2015-2331.patch libzip-0.11.2/debian/patches/CVE-2015-2331.patch --- libzip-0.11.2/debian/patches/CVE-2015-2331.patch 1970-01-01 01:00:00.000000000 +0100 +++ libzip-0.11.2/debian/patches/CVE-2015-2331.patch 2015-03-20 20:18:20.000000000 +0100 @@ -0,0 +1,18 @@ +Description: CVE-2015-2331: ZIP integer overflow +Origin: https://github.com/php/php-src/commit/ec779124cb7279493ce1ca1088d1aaa32e82479a +Bug-Debian: https://bugs.debian.org/780756 +Forwarded: not-needed +Author: Salvatore Bonaccorso <car...@debian.org> +Last-Update: 2015-03-20 + +--- a/lib/zip_dirent.c ++++ b/lib/zip_dirent.c +@@ -110,7 +110,7 @@ _zip_cdir_new(zip_uint64_t nentry, struc + + if (nentry == 0) + cd->entry = NULL; +- else if ((cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { ++ else if (nentry > ((size_t)-1)/sizeof(*(cd->entry)) || (cd->entry=(struct zip_entry *)malloc(sizeof(*(cd->entry))*(size_t)nentry)) == NULL) { + _zip_error_set(error, ZIP_ER_MEMORY, 0); + free(cd); + return NULL; diff -Nru libzip-0.11.2/debian/patches/series libzip-0.11.2/debian/patches/series --- libzip-0.11.2/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libzip-0.11.2/debian/patches/series 2015-03-20 20:18:20.000000000 +0100 @@ -0,0 +1 @@ +CVE-2015-2331.patch
