Comment 1 for bug 2073410

Stefan Bader (smb) wrote : Re: diffoscope/205 ADT test failure with linux/5.15.0-118.128

I was investigating this for 20.04/Focal but am assuming this is the same for 22.04/Jammy. The logs show 4 subtests around zip files failing. In the details for the failures one sees this:

raise BadZipFile(f"Overlapped entries: {zinfo.orig_filename!r} (possible zip bomb)")

This correlates with a recent (Jul-09) update for python3.8 and 3.10:

  * SECURITY UPDATE: zipbomb DoS attack
    - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying
      to read an entry that overlaps with other entry or central
      directory.
    - CVE-2024-0450

The test files in diffoscope seem to trigger this and bail.
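
To see which entries of a test archive would trip this check, independent of whether the installed interpreter carries the patch, the following added example (not part of the bug comment, diffoscope or the Python patch) applies the rule the changelog describes: an entry's data must end before the next entry or the central directory begins. `overlapped_entries` and `make_sample` are hypothetical names, and the two-entry sample archive is constructed for the demonstration.

```python
import io
import struct
import zipfile


def overlapped_entries(data: bytes) -> list:
    """Names of entries whose data runs into the next entry or the central directory."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        # start_dir is an undocumented ZipFile attribute: central directory offset.
        # Assumption: nothing is prepended to the archive, so header_offset
        # is a plain offset into `data`.
        end = zf.start_dir
        # Walk entries from the highest local-header offset down; each one
        # has to finish before the entry that follows it starts.
        for info in sorted(zf.infolist(), key=lambda i: i.header_offset, reverse=True):
            # Name and extra-field lengths sit at bytes 26..29 of the local header.
            name_len, extra_len = struct.unpack_from("<HH", data, info.header_offset + 26)
            data_start = info.header_offset + 30 + name_len + extra_len
            if data_start + info.compress_size > end:
                flagged.append(info.orig_filename)
            end = info.header_offset
    return flagged


def make_sample(overlap: bool) -> bytes:
    """Constructed two-entry archive; with overlap=True both central
    directory records reference the same local header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("a.txt", "first")
        zf.writestr("b.txt", "second")
    raw = bytearray(buf.getvalue())
    if overlap:
        # Offset 42 of a central directory record holds the local header offset.
        last_cd = raw.rfind(b"PK\x01\x02")
        struct.pack_into("<L", raw, last_cd + 42, 0)
    return bytes(raw)


if __name__ == "__main__":
    for label, blob in (("clean", make_sample(False)), ("overlapped", make_sample(True))):
        print(label, overlapped_entries(blob))
```

Running the function over each zip fixture in a test suite lists the entries that a patched `zipfile` will refuse to read.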