Univention Bugzilla – Bug 55219
unzip: Multiple issues (5.0)
Last modified: 2022-09-29 12:38:51 CEST
New Debian unzip 6.0-23+deb10u3 fixes:

This update addresses the following issues:
* Heap out-of-bound writes and reads during conversion of wide string to local string (CVE-2022-0529)
* SIGSEGV during the conversion of a UTF-8 string to a local string (CVE-2022-0530)
--- mirror/ftp/pool/main/u/unzip/unzip_6.0-23+deb10u2.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/unzip_6.0-23+deb10u3.dsc @@ -1,3 +1,9 @@ +6.0-23+deb10u3 [Thu, 22 Sep 2022 18:25:09 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Non-maintainer upload by the LTS Team. + * CVE-2022-0530: segmentation fault on invalid input. + * CVE-2022-0529: heap buffer overwrite. Closes: #1010355. + 6.0-23+deb10u2 [Sun, 10 Jan 2021 16:12:00 +0100] Santiago Vila <sanvila@debian.org>: * Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996. <http://piuparts.knut.univention.de/5.0-2/#7537919656330046991>
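Review bot: The new 6.0-23+deb10u3 entry gives a bug reference only for CVE-2022-0529 (Closes: #1010355); the CVE-2022-0530 line has none, so if a tracking bug exists for it, it should be cited on that line as well. The entry also does not name the patch files that carry each fix, unlike the 6.0-23+deb10u2 entry, which at least attributes its patches to Mark Adler; listing the patch names per CVE would let the erratum be checked against the source package.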
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 6a530a6581 Bug #55219: unzip 6.0-23+deb10u3
 doc/errata/staging/unzip.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[5.0-2] a9ab8e7c3a Bug #55219: unzip 6.0-23+deb10u3
 doc/errata/staging/unzip.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x441>