Univention Bugzilla – Bug 54286
zziplib: Multiple issues (4.4)
Last modified: 2022-01-05 17:58:56 CET
New Debian zziplib 0.13.62-3.2~deb9u2 fixes:
This update addresses the following issue:
* infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file() (CVE-2020-18442)
--- mirror/ftp/4.4/unmaintained/4.4-1/source/zziplib_0.13.62-3.2~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/zziplib_0.13.62-3.2~deb9u2.dsc @@ -1,3 +1,10 @@ +0.13.62-3.2~deb9u2 [Sun, 26 Dec 2021 00:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2020-18442 + Because of mishandling a return value, an attacker might cause a + denial of service due to an infinite loop. + 0.13.62-3.2~deb9u1 [Sun, 31 Mar 2019 22:02:00 +0200] Salvatore Bonaccorso <carnil@debian.org>: * Rebuild for stretch. <http://piuparts.knut.univention.de/4.4-8/#8328939731134797337>
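Review bot: The CVE-2020-18442 item in the added 0.13.62-3.2~deb9u2 entry says only "mishandling a return value" and does not name the function whose return value is mishandled or the caller that loops on it. Naming both in the changelog line would let an administrator judge exposure from the changelog alone, without looking up the CVE. The entry also carries no bug or patch reference for the fix, which would make the change easier to audit against the source package.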
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] c127e55c62 Bug #54286: zziplib 0.13.62-3.2~deb9u2
 doc/errata/staging/zziplib.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1146>