lp:ubuntu/trusty-updates/unzip

Created by Ubuntu Package Importer on 2015-01-14 and last modified on 2015-02-17
Get this branch:
bzr branch lp:ubuntu/trusty-updates/unzip
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

28. By Marc Deslauriers on 2015-02-17

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/06-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

27. By Marc Deslauriers on 2015-01-29

* SECURITY UPDATE: heap overflow via mismatched block sizes
  - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
    uncompressed block sizes match when using STORED method in extract.c.
  - CVE-2014-9636

26. By Marc Deslauriers on 2015-01-07

* SECURITY UPDATE: CRC32 verification heap-based overflow
  - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
    length in extract.c.
  - CVE-2014-8139
* SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
  - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
    sizes in extract.c.
  - CVE-2014-8140
* SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
  - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
    in fileio.c, check sizes in process.c.
  - CVE-2014-8141

25. By Colin Watson on 2013-05-13

* Resynchronise with Debian. Remaining changes:
  - Add patch from archlinux which adds the -O option, allowing a charset
    to be specified for the proper unzipping of non-Latin and non-Unicode
    filenames.

24. By Colin Watson on 2012-12-13

* Resynchronise with Debian. Remaining changes:
  - Add patch from archlinux which adds the -O option, allowing a charset
    to be specified for the proper unzipping of non-Latin and non-Unicode
    filenames.
  - Use correct strip program when cross-building.

23. By Colin Watson on 2012-12-04

Use correct strip program when cross-building.

22. By Logan Rosen on 2012-08-05

* Merge from Debian unstable. Remaining change:
  - Added patch from archlinux which adds the -O option allowing a charset
  to be specified for the proper unzipping of non-latin and non-unicode
  filenames.
* Merge adds Multi-Arch: foreign. (LP: #1010450)

21. By Brian Thomason on 2011-01-12

Added patch from archlinux which adds the -O option allowing a charset
to be specified for the proper unzipping of non-latin and non-unicode
filenames. (LP: #580961)

20. By Santiago Vila on 2010-02-21

* Added homepage field to control file.
* Switch to 3.0 (quilt) source format.
* Support cross-build.

19. By Alexander Sack on 2010-03-07

rebuild rest of main for armel armv7/thumb2 optimization;
UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/vivid/unzip
This branch contains Public information 
Everyone can see this information.

Subscribers