Format: 1.8 Date: Fri, 08 Apr 2022 07:05:45 -0400 Source: gzip Binary: gzip Architecture: arm64 Version: 1.10-0ubuntu4.1 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: gzip - GNU compression utilities Changes: gzip (1.10-0ubuntu4.1) focal-security; urgency=medium . * SECURITY UPDATE: arbitrary file override with crafted file names - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline file names in zgrep.in. - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am, tests/zgrep-abuse. - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in. - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in gzexe.in. - debian/patches/CVE-2022-1271-5.patch: use C locale more often in gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in. - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches" mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in. - debian/rules: fix permissions on new test scripts. - CVE-2022-1271 Checksums-Sha1: 9451dd836d94e6175f5d7fa012d6cfa66136ec67 104868 gzip-dbgsym_1.10-0ubuntu4.1_arm64.ddeb 84406c911d2ed8d9d0a52bb822a1a09f1bdff464 5653 gzip_1.10-0ubuntu4.1_arm64.buildinfo 9ae45feb4fe6c54a8cc7efc6727a9435a90b1565 92808 gzip_1.10-0ubuntu4.1_arm64.deb Checksums-Sha256: 11fb47526e9a932f540a6b9ad855c8539678fa5e8d9f2ab8b66a302ea292e36d 104868 gzip-dbgsym_1.10-0ubuntu4.1_arm64.ddeb 90dbef80003616a4679865c5e8865b6ed4513706dcaaecef8d6d14f21cdc58b7 5653 gzip_1.10-0ubuntu4.1_arm64.buildinfo 48523ad7f3fc64fa108548f6b06897547db9ca3fa71d43a49fe4b87cf6c2af65 92808 gzip_1.10-0ubuntu4.1_arm64.deb Files: a81bcbfd9b3fc3b95a446bce47d2dc29 104868 debug optional gzip-dbgsym_1.10-0ubuntu4.1_arm64.ddeb 7f15d4a44b27a846ddf2a56104a136a3 5653 utils required gzip_1.10-0ubuntu4.1_arm64.buildinfo ecf7373bc1c3a3205dc4b59b385d34ca 92808 utils required gzip_1.10-0ubuntu4.1_arm64.deb Original-Maintainer: Bdale Garbee