Bug#926136: zziplib 0.13.62-3.2~deb9u1 flagged for acceptance

To: 926136@bugs.debian.org
Cc: 926136-submitter@bugs.debian.org
Subject: Bug#926136: zziplib 0.13.62-3.2~deb9u1 flagged for acceptance
From: Adam D Barratt <adam@adam-barratt.org.uk>
Date: Sun, 14 Apr 2019 10:20:20 +0000
Message-id: <[🔎] E1hFcFI-0001yk-6H@coccia.debian.org>
Reply-to: Adam D Barratt <adam@adam-barratt.org.uk>, 926136@bugs.debian.org
References: <155406327062.13952.12460694532084693974.reportbug@lorien.valinor.li>

Control: tags -1 + pending

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian stretch.

Thanks for your contribution!

Upload details
==============

Package: zziplib
Version: 0.13.62-3.2~deb9u1

Explanation: fix invalid memory access in zzip_disk_fread [CVE-2018-6381], bus error in zzip_disk_findfirst function in zzip/mmapped.c [CVE-2018-6540], out of bound read in mmapped.c:zzip_disk_fread() [CVE-2018-7725], Bus error in zip.c:__zzip_parse_root_directory[] cause crash via crafted zip file [CVE-2018-7726], memory leak triggered in the function __zzip_parse_root_directory in zip.c [CVE-2018-16548]; reject ZIP file if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file [CVE-2018-6484, CVE-2018-6541, CVE-2018-6869]

Reply to:

Prev by Date: Processed: pyca 20031119-0.1~deb9u1 flagged for acceptance
Next by Date: Bug#926050: python-pip 9.0.1-2+deb9u1 flagged for acceptance
Previous by thread: Processed: pyca 20031119-0.1~deb9u1 flagged for acceptance
Next by thread: Processed: zziplib 0.13.62-3.2~deb9u1 flagged for acceptance
Index(es):
- Date
- Thread