lp:ubuntu/gutsy-security/unzip

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/gutsy-security/unzip

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

15. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via heap corruption.
* inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
* References
  CVE-2008-0888

14. By Matthias Klose

* Merge with Debian; remaining changes:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.
  - support UTF-8 file names.

13. By Matthias Klose

Apply patch from https://bugzilla.altlinux.org/long_list.cgi?buglist=4871
to support UTF-8 file names. Ubuntu #10979.

12. By Matthias Klose

* Rebuild for changes in the amd64 toolchain.
* Set Ubuntu maintainer address.

11. By Michael Vogt

Merge from debian unstable.

10. By Martin Pitt

* Merge from debian unstable; only Ubuntu changes left:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.

9. By Martin Pitt

* const.h, process.c: Limit the maximum length of displayed file names to
  512 bytes, to avoid spewage with excessively long file names (which caused
  buffer overflows until the recent security fix for CVE-2005-4667).
* Thanks to Santiago Vila for pointing this out.

8. By Martin Pitt

Previous security update scrambled the output fields in the contents
listing, fix that regression.

7. By Martin Pitt

* SECURITY UPDATE: Arbitrary code execution on specially crafted long file
  names (which should not happen in many scenarios, though).
* unzpriv.h, Info macro:
  - Use snprintf() instead of sprintf() as inner formatting function.
  - Use fputs() instead of fprintf() as outer function to ignore leftover
    format strings which might not have been substituted in the inner
    snprintf().
  - Throw away the three different implementations of that macro and use
    just one safe one.
  - CVE-2005-4667

6. By Michael Vogt

Resynchronise with Debian.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/unzip
This branch contains Public information. Everyone can see this information.
