Re: Wheezy update of unzip?

To: Chris Lamb <lamby@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: Wheezy update of unzip?
From: Santiago Vila <sanvila@unex.es>
Date: Sun, 11 Dec 2016 21:21:01 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.11.1612112114580.15594@tulipan.isla-invisible.es>
In-reply-to: <[🔎] 1481221530.3850287.812913689.086B29EB@webmail.messagingengine.com>
References: <[🔎] 1481221530.3850287.812913689.086B29EB@webmail.messagingengine.com>

Hi. I've just uploaded unzip 6.0-21 for unstable, which fixes both
CVE-2014-9913 and CVE-2016-9844.

You will need this from debian/patches:

18-cve-2014-9913-unzip-buffer-overflow.patch
19-cve-2016-9844-zipinfo-buffer-overflow.patch

but for wheezy I would drop again the .patch ending I've just added to
all patches to be consistent with the other debian/patches/* in wheezy
(but this is only my personal sense of aesthetics, since this is a
do-o-crazy, whoever makes the LTS version decides about this :-)

Thanks.

Reply to:

References:
- Wheezy update of unzip?
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Wheezy update of xrdp?
Next by Date: LTS frontdesk duties for 19th Dec → 1st Jan
Previous by thread: Re: Wheezy update of unzip?
Next by thread: Wheezy update of zlib?
Index(es):
- Date
- Thread