SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for unzip-doc-6.00-lp155.2.1.noarch.rpm :

* Thu Jun 29 2023 Sheng Huang - 6.00- Modify the build script to standardize the version number- Fix TW build
* Thu Jun 29 2023 Sheng Huang - 6.0- Added Features
* Added natspec patch for unzip, which fixes the encoding issue when extracting files with non-ASCII characters2.- Security Fixes This release of Unzip 6.0 addresses the following security vulnerabilities:
* CVE-2014-9636: An integer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file.
* CVE-2014-8139: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2014-8140: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2014-8141: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2015-7696: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2015-7697: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2016-9844: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2014-9913: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2018-1000035: A format string vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2022-0530: A stack overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2022-0529: A heap out-of-bounds write vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2018-18384: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2019-13232: A directory traversal vulnerability that could allow remote attackers to overwrite arbitrary files or execute arbitrary code via a crafted zip file with malicious filenames.
* CVE-2021-4217: A format string vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* Wed Jun 28 2023 Sheng Huang - version 6.0- Initial package
  
ICM