Ubuntu
zziplib package

Sync zziplib 0.13.62-3.2 (main) from Debian unstable (main)

Bug #1820524 reported by Logan Rosen
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
zziplib (Ubuntu)
Fix Released
Wishlist
Unassigned

Bug Description

Please sync zziplib 0.13.62-3.2 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726
All CVE fixes are now in Debian, plus one new one (for CVE-2018-16548) that we don't currently have.

Changelog entries since current disco version 0.13.62-3.1ubuntu1:

zziplib (0.13.62-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
  * Reject the ZIP file and report it as corrupt if the size of the central
    directory and/or the offset of start of central directory point beyond the
    end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
    (Closes: #889089)
  * bus error in zzip_disk_findfirst function in zzip/mmapped.c
    (CVE-2018-6540) (Closes: #923659)
  * out of bound read in mmapped.c:zzip_disk_fread() causes crash
    (CVE-2018-7725) (Closes: #913165)
  * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
    zip file (CVE-2018-7726) (Closes: #913165)
  * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
    (CVE-2018-16548) (Closes: #910335)

 -- Salvatore Bonaccorso <email address hidden> Mon, 04 Mar 2019 22:43:14 +0100

Logan Rosen (logan)
Changed in zziplib (Ubuntu):
importance: Undecided → Wishlist
Revision history for this message
Dmitry Shachnev (mitya57) wrote :

This bug was fixed in the package zziplib - 0.13.62-3.2
Sponsored for Logan Rosen (logan)

---------------
zziplib (0.13.62-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
  * Reject the ZIP file and report it as corrupt if the size of the central
    directory and/or the offset of start of central directory point beyond the
    end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
    (Closes: #889089)
  * bus error in zzip_disk_findfirst function in zzip/mmapped.c
    (CVE-2018-6540) (Closes: #923659)
  * out of bound read in mmapped.c:zzip_disk_fread() causes crash
    (CVE-2018-7725) (Closes: #913165)
  * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
    zip file (CVE-2018-7726) (Closes: #913165)
  * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
    (CVE-2018-16548) (Closes: #910335)

 -- Salvatore Bonaccorso <email address hidden> Mon, 04 Mar 2019 22:43:14 +0100

Changed in zziplib (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.