Debian Security Advisory
DLA-330-1 unzip -- LTS security update
- Date Reported: 22 Oct 2015
- Affected Packages:
- Security database references:
  - In the Debian bugtracking system: Bug 802160, Bug 802162.
  - In Mitre's CVE dictionary: CVE-2015-7696, CVE-2015-7697.
- More information:
Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a heap overflow and to a denial of service with specially crafted password-protected ZIP archives.
For Debian 6 squeeze, these issues have been fixed in unzip 6.0-4+deb6u3.