I was investigating this for 20.04/Focal but assuming this is the same for 22.04/Jammy. The logs show 4 subtests around zip files failing. In the details for the failures one sees this:
raise BadZipFile(f"Overlapped entries: {zinfo.orig_filename!r} (possible zip bomb)")
This correlates with a recent (Jul-09) update for python3.8 and 3.10:
* SECURITY UPDATE: zipbomb DoS attack
- debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying
to read an entry that overlaps with other entry or central
directory.
- CVE-2024-0450
The test files in diffoscope seem to trigger this and bail.
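To see what the CVE-2024-0450 check actually rejects, here is an added example (not code from diffoscope, CPython or the comment above). It builds two small archives in memory: an ordinary one and a constructed one whose central directory lists the same record twice, so two directory entries claim the one local header at offset 0. `find_overlapping_entries` re-implements the patched `zipfile.open()` test independently (each entry's compressed data must end before the next local header, or the central directory, begins), so it gives the same answer on an unpatched interpreter; `read_error` shows the interpreter's own verdict, which on a patched python3.8/3.10 is the "Overlapped entries" message quoted above. The function names and the sample archives are this example's own.

```python
import io
import struct
import zipfile

LOCAL_HEADER = b"PK\x03\x04"
EOCD = b"PK\x05\x06"


def _central_directory(data: bytes):
    """Return (cd_offset, cd_size, entry_count) from the end-of-central-directory
    record. Assumes no archive comment, which holds for the zips built below."""
    eocd_off = len(data) - 22
    sig, _disk, _cd_disk, n_this, _n_total, cd_size, cd_off, _clen = struct.unpack(
        "<4s4H2LH", data[eocd_off:])
    if sig != EOCD:
        raise ValueError("no end-of-central-directory record at expected offset")
    return cd_off, cd_size, n_this


def build_clean_zip() -> bytes:
    """Constructed sample: an ordinary two-entry archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"A" * 8)
        zf.writestr("b.txt", b"B" * 8)
    return buf.getvalue()


def build_overlapping_zip() -> bytes:
    """Constructed sample: the central directory lists the same record twice, so
    two directory entries point at the single local header at offset 0 (the
    shape the CVE-2024-0450 check rejects)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("a.txt", b"A" * 8)
    data = buf.getvalue()
    cd_off, cd_size, _ = _central_directory(data)
    record = data[cd_off:cd_off + cd_size]  # the one central-directory record
    new_cd = record + record
    # Rewrite the EOCD: two entries, doubled directory size, same directory offset.
    eocd = struct.pack("<4s4H2LH", EOCD, 0, 0, 2, 2, len(new_cd), cd_off, 0)
    return data[:cd_off] + new_cd + eocd


def find_overlapping_entries(data: bytes) -> list:
    """The same test the patched zipfile.open() applies per entry, run up front
    over the whole archive: an entry's compressed data must end no later than
    the next local header (or the central directory) begins."""
    cd_off, _, _ = _central_directory(data)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    # Walk entries from the highest offset down; each may extend only up to the
    # start of whatever follows it.
    limit = {}
    end = cd_off
    for zi in sorted(infos, key=lambda z: z.header_offset, reverse=True):
        limit[id(zi)] = end
        end = zi.header_offset
    bad = []
    for zi in infos:
        off = zi.header_offset
        hdr = struct.unpack("<4s2B4HL2L2H", data[off:off + 30])  # local file header
        if hdr[0] != LOCAL_HEADER:
            bad.append(zi.filename)
            continue
        name_len, extra_len = hdr[10], hdr[11]
        data_start = off + 30 + name_len + extra_len
        if data_start + zi.compress_size > limit[id(zi)]:
            bad.append(zi.filename)
    return bad


def read_error(data: bytes, name: str):
    """Read one entry the way diffoscope would; return the BadZipFile message
    (None if the interpreter accepts the archive)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.read(name)
    except zipfile.BadZipFile as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for label, blob in (("clean", build_clean_zip()),
                        ("overlapping", build_overlapping_zip())):
        print(label, "overlaps:", find_overlapping_entries(blob),
              "| zipfile says:", read_error(blob, "a.txt"))
```

Running this on an unpatched interpreter prints `zipfile says: None` for both archives while `find_overlapping_entries` still flags `a.txt`; on a patched one the overlapping archive yields the `Overlapped entries: 'a.txt' (possible zip bomb)` message. Pointing `find_overlapping_entries` at the zip fixtures a test suite ships is a quick way to tell which of them will now be refused.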