Changelog for
unzip-doc-6.00-2.3.noarch.rpm :
* Thu Jun 29 2023 Sheng Huang
- 6.00- Modify the build script to standardize the version number- Fix TW build
* Thu Jun 29 2023 Sheng Huang - 6.0- Added Features
* Added natspec patch for unzip, which fixes the encoding issue when extracting files with non-ASCII characters2.- Security Fixes This release of Unzip 6.0 addresses the following security vulnerabilities:
* CVE-2014-9636: An integer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file.
* CVE-2014-8139: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2014-8140: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2014-8141: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2015-7696: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2015-7697: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2016-9844: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2014-9913: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with long filenames.
* CVE-2018-1000035: A format string vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2022-0530: A stack overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2022-0529: A heap out-of-bounds write vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2018-18384: A buffer overflow vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* CVE-2019-13232: A directory traversal vulnerability that could allow remote attackers to overwrite arbitrary files or execute arbitrary code via a crafted zip file with malicious filenames.
* CVE-2021-4217: A format string vulnerability that could allow remote attackers to execute arbitrary code or cause a denial of service via a crafted zip file with malicious filenames.
* Wed Jun 28 2023 Sheng Huang - version 6.0- Initial package