Changelog for unzip-doc-6.00-150000.4.11.1.x86_64.rpm:
* Wed Sep 21 2022 danilo.spinellaAATTsuse.com
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string to a local string (CVE-2022-0530, bsc#1196177)
  * CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
  * CVE-2022-0529.patch
* Thu Oct 11 2018 kstreitovaAATTsuse.com
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in list.c [bsc#1110194] [CVE-2018-18384]
* Wed Jun 27 2018 kstreitovaAATTsuse.com
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is unable to process Windows zip64 archives because Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap overflow for STORED field data [bnc#914442] [CVE-2014-9636]
* Thu Feb 08 2018 kbabiochAATTsuse.com
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
* Thu Jul 06 2017 nico.kruberAATTgmail.com
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was causing errors testing valid jar files:
    $ unzip -t foo.jar
    Archive: foo.jar
    testing: META-INF/ bad extra-field entry: EF block length (0 bytes) invalid (< 4)
    testing: META-INF/MANIFEST.MF OK
    testing: foo OK
  (see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139 where the updated patch was taken from)
* Wed Feb 15 2017 josef.moellersAATTsuse.com
- Fixed two potential buffer overflows. The patches were extracted from http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and http://antinode.info/ftp/info-zip/unzip60/list.c (bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913, CVE-2016-9844.patch, CVE-2014-9913.patch)
* Wed Oct 12 2016 josef.moellersAATTsuse.com
- When decrypting an encrypted file, quit early if compressed size < HEAD_LEN. When extracting avoid an infinite loop if a file never finishes unzipping. (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697, CVE-2015-7696.patch, CVE-2015-7697.patch)
* Thu Jun 16 2016 tchvatalAATTsuse.com
- Require properly the update-alternatives to not throw out errors when installing in OBS chroot
* Mon Jan 26 2015 tbehrensAATTsuse.com
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in the CRC32 verification (fixes bnc#909214)
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error (*_8349_*) shows a problem in extract.c:test_compr_eb(), and: read errors (*_6430_*, *_3422_*) show problems in process.c:getZip64Data() (fixes bnc#909214)
* Sun Dec 21 2014 meissnerAATTsuse.com
- build with PIE