[SECURITY] [DLA 741-1] unzip security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 741-1] unzip security update
From: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 13 Dec 2016 16:32:55 +0100
Message-id: <[🔎] 20161213153255.n4vwbva6mpudrjaf@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, debian-lts-announce@lists.debian.org
Reply-to: debian-lts@lists.debian.org

Package        : unzip
Version        : 6.0-8+deb7u6
CVE ID         : CVE-2014-9913 CVE-2016-9844
Debian Bug     : 847485 847486

"unzip -l" (CVE-2014-9913) and "zipinfo" (CVE-2016-9844) were vulnerable
to buffer overflows when provided malformed or maliciously-crafted ZIP
files.

For Debian 7 "Wheezy", these problems have been fixed in version
6.0-8+deb7u6.

We recommend that you upgrade your unzip packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: [SECURITY] [DLA 732-3] monit regression update
Next by Date: [SECURITY] [DLA 742-1] chrony security update
Previous by thread: [SECURITY] [DLA 732-3] monit regression update
Next by thread: [SECURITY] [DLA 742-1] chrony security update
Index(es):
- Date
- Thread