Ubuntu
unzip package

lp:ubuntu/warty-security/unzip

  1. Warty (4.10)
  2. warty-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/warty-security/unzip
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

5. By Martin Pitt

Previous security update scrambled the output fields in the contents
listing, fix that regression.

4. By Martin Pitt

* SECURITY UPDATE: Arbitrary code execution on specially crafted long file
  names (which should not happen in many scenarios, though).
* unzpriv.h, Info macro:
  - Use snprintf() instead of sprintf() as inner formatting function.
  - Use fputs() instead of fprintf() as outer function to ignore leftover
    format strings which might not have been substituted in the inner
    snprintf().
  - Throw away the three different implementations of that macro and use
    just one safe one.
* unix/unix.c, do_wild():
  - Replace unchecked strcpy() calls from user provided file argument to
    statically sized buffer with strncpy() and ensure null termination.
* CVE-2005-4667

3. By Martin Pitt

* SECURITY UPDATE: Fix file permission modification race.
* unix/unix.c: Use fchmod() instead of chmod() to change permissions on the
  files unzip actually created, not the files another attacker might have
  hardlinked to in the meantime.
* CAN-2005-2475

2. By Santiago Vila

Added unshrinking support (Closes: #252563).

1. By Santiago Vila

Import upstream version 5.51

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/unzip
This branch contains Public information 
Everyone can see this information.

Subscribers