Debian Security Advisory

DLA-330-1 unzip -- LTS security update

Date Reported:
22 Oct 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 802160, Bug 802162.
In Mitre's CVE dictionary: CVE-2015-7696, CVE-2015-7697.
More information:

Gustavo Grieco discovered with a fuzzer that unzip was vulnerable to a heap overflow and to a denial of service with specially crafted password-protected ZIP archives.

For the Debian 6 squeeze, these issues haven been fixed in unzip 6.0-4+deb6u3.