[UVFe] Sync zziplib (0.13.49-2) from Debian unstable
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| zziplib (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
Rationale:
- CVE-2007-1614 fixed in the new version.
The new upstream version bumped the soname for the library.
The only rdepends outside zziplib is libogre14 (from ogre).
ogre builds with the new zziplib once the pkgconfig files from libzzip-dev are fixed.
I've done it manually inside a pbuilder environment to test if ogre still builds with this new version.
I've already reported this problem to Debian (Debian bug #439395).
Changelog:
zziplib (0.13.49-2) unstable; urgency=low
* debian/rules: added configure option --datadir, closes: #439395.
-- Anibal Monsalve Salazar <email address hidden> Sat, 25 Aug 2007 10:29:31 +1000
zziplib (0.13.49-1) unstable; urgency=low
* libzzip-0-13 Replaces & Conflicts: libzzip-0-12
-- Anibal Monsalve Salazar <email address hidden> Fri, 24 Aug 2007 08:41:46 +1000
zziplib (0.13.49-0) unstable; urgency=low
* New upstream version. Closes: #399617.
- zzip-config was removed by upstream maintainer.
- htmpages.ar was not shipped by upstream maintainer.
- new build dependency: python.
* Fixed: CVE-2007-1614 DoS and execution of arbitrary code.
Closes: #436701.
* Fixed the following lintian messages:
- W: zziplib source: substvar-
- W: zziplib source: debian-
-- Anibal Monsalve Salazar <email address hidden> Thu, 09 Aug 2007 18:47:38 +1000
CVE References
| Michael Bienia (geser) wrote | #1 |
| Michael Bienia (geser) wrote | #2 |
| Michael Bienia (geser) wrote | #3 |
| Scott Kitterman (kitterman) wrote | #4 |
| Chuck Short (zulcss) wrote | #5 |
| Sarah Kowalik (hobbsee-deactivatedaccount) wrote (no subject) | #6 |
| Changed in zziplib: | |
| status: | New → Triaged |
| description: | updated |
| Sebastien Bacher (seb128) wrote | #7 |
| Changed in zziplib: | |
| importance: | Undecided → Wishlist |
| status: | Triaged → Fix Released |
Ack from me then.