Bug#776258: unblock: minizip/1.1-5



Here is the diff between testing and unstable.
diff -Nru minizip-1.1/debian/changelog minizip-1.1/debian/changelog
--- minizip-1.1/debian/changelog	2014-06-28 20:09:22.000000000 +0000
+++ minizip-1.1/debian/changelog	2015-01-26 00:37:35.000000000 +0000
@@ -1,3 +1,16 @@
+minizip (1.1-5) unstable; urgency=medium
+
+  * Complete fix for CVE-2014-9485: also handle relative path directory
+    traversal condition (closes: #774321).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Mon, 26 Jan 2015 00:35:05 +0000
+
+minizip (1.1-4) unstable; urgency=medium
+
+  * Fix a directory traversal issue in miniunzip (closes: #774321).
+
+ -- Michael Gilbert <mgilbert@debian.org>  Wed, 31 Dec 2014 21:14:01 +0000
+
 minizip (1.1-3) unstable; urgency=medium
 
   * Conflict with libkml-dev (closes: #752926).
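Review bot: The 1.1-5 entry closes #774321 again although the 1.1-4 entry already closed it, and the 1.1-4 entry neither names CVE-2014-9485 nor says which traversal case it covered. Suggest that the 1.1-5 entry state that the bug was reopened and what 1.1-4 left unhandled, so the changelog alone shows which version carries which part of the fix. "Complete fix" should also be checked against what traversal.patch actually strips.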
diff -Nru minizip-1.1/debian/patches/series minizip-1.1/debian/patches/series
--- minizip-1.1/debian/patches/series	2014-06-08 05:50:21.000000000 +0000
+++ minizip-1.1/debian/patches/series	2014-12-31 21:28:42.000000000 +0000
@@ -1 +1,2 @@
 automake.patch
+traversal.patch
diff -Nru minizip-1.1/debian/patches/traversal.patch minizip-1.1/debian/patches/traversal.patch
--- minizip-1.1/debian/patches/traversal.patch	1970-01-01 00:00:00.000000000 +0000
+++ minizip-1.1/debian/patches/traversal.patch	2015-01-26 00:38:04.000000000 +0000
@@ -0,0 +1,16 @@
+description: fix directory traversal issue in miniunzip
+author: Michael Gilbert <mgilbert@debian.org>
+Bug-Debian: https://bugs.debian.org/774321
+
+--- a/miniunz.c
++++ b/miniunz.c
+@@ -354,6 +354,9 @@ int do_extract_currentfile(uf,popt_extra
+         else
+             write_filename = filename_withoutpath;
+ 
++        while (write_filename[0]=='/' || write_filename[0]=='.')
++            write_filename++;
++
+         err = unzOpenCurrentFilePassword(uf,password);
+         if (err!=UNZ_OK)
+         {
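Review bot: The added loop `while (write_filename[0]=='/' || write_filename[0]=='.') write_filename++;` only inspects the start of the name, so a `..` component that appears after the first ordinary character (for example following a directory name) passes through unchanged; the check should reject or normalise `..` components anywhere in the path, not just strip leading characters. The same loop also removes every leading `.` from legitimate names, so a dotfile is silently written under a different name, and a name made up only of `/` and `.` is reduced to an empty string that is then handed to the code below with no check. Suggest splitting the name on path separators, refusing any `..` component, and skipping the entry (with a message) when nothing remains, and adding a comment in the patch header that names the CVE being addressed.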
