I was investigating this for 20.04/Focal but am assuming this is the same
for 22.04/Jammy. The logs show 4 subtests around zip files failing. In
the details for the failures one sees this:
    raise BadZipFile(f"Overlapped entries: {zinfo.orig_filename!r} (possible zip bomb)")
This correlates with a recent (Jul-09) update for python3.8 and 3.10:
  * SECURITY UPDATE: zipbomb DoS attack
    - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying
      to read an entry that overlaps with other entry or central
      directory.
    - CVE-2024-0450
The test files in diffoscope seem to trigger this and bail.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-0450
** Summary changed:
- diffoscope/205 ADT test failure with linux/5.15.0-118.128
+ diffoscope/137+205 ADT test failure in Focal/Jammy
https://bugs.launchpad.net/bugs/2073410
Title:
diffoscope/137+205 ADT test failure in Focal/Jammy
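An added example, not part of the bug report and not code from diffoscope or CPython: a pre-scan that lists which entries in an archive would overlap, useful for finding the test fixtures that trip the CVE-2024-0450 check. The names overlapped_entries and build_sample are hypothetical, the sample archive is constructed inline, and the scan compares entries only with each other, not with the central directory.

```python
import io
import struct
import zipfile

LOCAL_HEADER_FIXED = 30   # fixed-size part of a ZIP local file header
CD_SIGNATURE = b"PK\x01\x02"  # central directory file header signature
CD_OFFSET_FIELD = 42      # position of "offset of local header" in that record


def overlapped_entries(data):
    """Return names of entries whose minimum extent runs into the next entry."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = sorted(zf.infolist(), key=lambda z: z.header_offset)
    flagged = []
    for cur, nxt in zip(entries, entries[1:]):
        # Lower bound on where this entry ends; the local extra field is ignored,
        # so this can miss overlaps but never reports a well-formed archive.
        min_end = (cur.header_offset + LOCAL_HEADER_FIXED
                   + len(cur.orig_filename) + cur.compress_size)
        if min_end > nxt.header_offset:
            flagged.append(cur.orig_filename)
    return flagged


def build_sample(overlap):
    """Constructed fixture: two stored entries; optionally make them overlap."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", b"hello hello")
        zf.writestr("b.txt", b"world world")
    data = bytearray(buf.getvalue())
    if overlap:
        # Point the second directory record at the first entry's local header.
        second = data.find(CD_SIGNATURE, data.find(CD_SIGNATURE) + 1)
        struct.pack_into("<I", data, second + CD_OFFSET_FIELD, 0)
    return bytes(data)


if __name__ == "__main__":
    for label, overlap in (("normal", False), ("overlapped", True)):
        print(label, overlapped_entries(build_sample(overlap)))
```

Opening the archive and calling infolist() only parses the central directory, so the scan itself does not hit the BadZipFile path that the patched zipfile raises when an entry is read.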