Sync zziplib 0.13.62-3.2 (main) from Debian unstable (main)

Bug #1820524 reported by Logan Rosen on 2019-03-17
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
zziplib (Ubuntu)
Wishlist
Unassigned

Bug Description

Please sync zziplib 0.13.62-3.2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726
All CVE fixes are now in Debian, plus one new one (for CVE-2018-16548) that we don't currently have.

Changelog entries since current disco version 0.13.62-3.1ubuntu1:

zziplib (0.13.62-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
  * Reject the ZIP file and report it as corrupt if the size of the central
    directory and/or the offset of start of central directory point beyond the
    end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
    (Closes: #889089)
  * bus error in zzip_disk_findfirst function in zzip/mmapped.c
    (CVE-2018-6540) (Closes: #923659)
  * out of bound read in mmapped.c:zzip_disk_fread() causes crash
    (CVE-2018-7725) (Closes: #913165)
  * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
    zip file (CVE-2018-7726) (Closes: #913165)
  * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
    (CVE-2018-16548) (Closes: #910335)

 -- Salvatore Bonaccorso <email address hidden> Mon, 04 Mar 2019 22:43:14 +0100

Logan Rosen (logan) on 2019-03-17
Changed in zziplib (Ubuntu):
importance: Undecided → Wishlist
Dmitry Shachnev (mitya57) wrote :

This bug was fixed in the package zziplib - 0.13.62-3.2
Sponsored for Logan Rosen (logan)

---------------
zziplib (0.13.62-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
  * Reject the ZIP file and report it as corrupt if the size of the central
    directory and/or the offset of start of central directory point beyond the
    end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
    (Closes: #889089)
  * bus error in zzip_disk_findfirst function in zzip/mmapped.c
    (CVE-2018-6540) (Closes: #923659)
  * out of bound read in mmapped.c:zzip_disk_fread() causes crash
    (CVE-2018-7725) (Closes: #913165)
  * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
    zip file (CVE-2018-7726) (Closes: #913165)
  * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
    (CVE-2018-16548) (Closes: #910335)

 -- Salvatore Bonaccorso <email address hidden> Mon, 04 Mar 2019 22:43:14 +0100

Changed in zziplib (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers