Debian Bug report logs - #1010355
unzip: CVE-2022-0529 CVE-2022-0530


Package: unzip; Maintainer for unzip is Santiago Vila <sanvila@debian.org>; Source for unzip is src:unzip.

Reported by: Enrico Zini <enrico@debian.org>

Date: Fri, 29 Apr 2022 11:39:02 UTC

Severity: serious

Tags: patch, security, upstream

Found in version unzip/6.0-21+deb9u2

Fixed in versions unzip/6.0-27, unzip/6.0-26+deb11u1

Done: Santiago Vila <sanvila@debian.org>

Bug is archived. No further changes may be made.

Forwarded to "Steven M. Schweda" <sms@antinode.info>



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Fri, 29 Apr 2022 11:39:04 GMT)


Acknowledgement sent to Enrico Zini <enrico@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Santiago Vila <sanvila@debian.org>. (Fri, 29 Apr 2022 11:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Enrico Zini <enrico@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Fri, 29 Apr 2022 13:27:33 +0200
Package: unzip
Version: 6.0-21+deb9u2
Severity: serious
Tags: security upstream patch
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Fixed: 6.0-26

Hello,

details are at https://security-tracker.debian.org/tracker/CVE-2022-0530

stretch and buster segfault:

  $ unzip testcase-0530 
  Archive:  testcase-0530
  warning [testcase-0530]:  16 extra bytes at beginning or within zipfile
    (attempting to process anyway)
  error [testcase-0530]:  reported length of central directory is
    -16 bytes too long (Atari STZip zipfile?  J.H.Holm ZIPSPLIT 1.1
    zipfile?).  Compensating...
  error:  zipfile probably corrupt (segmentation violation)

bullseye errors out without valgrind issues reported:

  $ unzip testcase-0530
  Archive:  testcase-0530
  warning [testcase-0530]:  16 extra bytes at beginning or within zipfile
    (attempting to process anyway)
  error [testcase-0530]:  reported length of central directory is
    -16 bytes too long (Atari STZip zipfile?  J.H.Holm ZIPSPLIT 1.1
    zipfile?).  Compensating...
  mp/zip-unzip-0/7/source/workdir/������6a9f01ad36a4ac3b68815bf6f83b3ff_inpu㉴�����瑥:  mismatching "local" filename (mp/zip-unzip-0/7/source/workdir/������6a9f01ad36a4ac3b6881PK^G^HQ�V�^Q),
           continuing with "central" filename version
     skipping: mp/zip-unzip-0/7/source/workdir/������6a9f01ad36a4ac3b68815bf6f83b3ff_inpu㉴�����瑥  unable to get password

The main issue here seems to be at utf8_to_local_string, defined in
process.c:2606, which doesn't check the result of utf8_to_wide_string
for a NULL value.

I'm attaching a proposed patch that adds the missing error handling.


Enrico


-- System Information:
Debian Release: 11.3
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-13-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8), LANGUAGE=en_IE:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages unzip depends on:
ii  libbz2-1.0  1.0.8-4
ii  libc6       2.31-13+deb11u3

unzip recommends no packages.

Versions of packages unzip suggests:
ii  zip  3.0-12

-- no debconf information
[CVE-2022-0530.patch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Fri, 29 Apr 2022 11:48:02 GMT)


Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Fri, 29 Apr 2022 11:48:02 GMT)


Message #10 received at 1010355@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: Enrico Zini <enrico@debian.org>, 1010355@bugs.debian.org
Subject: Re: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Fri, 29 Apr 2022 13:44:08 +0200
On 29/4/22 at 13:27, Enrico Zini wrote:
> Package: unzip
> Version: 6.0-21+deb9u2
> Severity: serious
> Tags: security upstream patch
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Thanks for the report. I would have preferred to reopen the already 
existing one, but never mind (I asked the security team a few weeks ago if 
there was already a CVE for this but got no reply).

I'll make uploads for stretch and bullseye.

Thanks.



Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Fri, 29 Apr 2022 12:33:02 GMT)


Acknowledgement sent to Enrico Zini <enrico@debian.org>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Fri, 29 Apr 2022 12:33:02 GMT)


Message #15 received at 1010355@bugs.debian.org:

From: Enrico Zini <enrico@debian.org>
To: 1010355@bugs.debian.org
Cc: team@security.debian.org
Subject: Re: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Fri, 29 Apr 2022 14:25:11 +0200
notfixed 6.0-26

Correction: the issue also affects 6.0-26, but is only reproducible
after export LANG=C


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>



Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Sat, 30 Apr 2022 11:33:02 GMT)


Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Sat, 30 Apr 2022 11:33:03 GMT)


Message #20 received at 1010355@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: "Stephen R. van den Berg" <srb@cuci.nl>
Cc: 1010355-forwarded@bugs.debian.org, 1010355@bugs.debian.org, Enrico Zini <enrico@debian.org>
Subject: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Sat, 30 Apr 2022 13:31:01 +0200
Hello Stephen.

Can you take a look at this? The Debian version of procmail in unstable 
has a patch for this which I took from git, and I was planning to just 
apply it to bullseye and buster, but apparently it's not enough to fix 
the issue.

Thanks.

-------- Forwarded Message --------
Subject: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Resent-Date: Fri, 29 Apr 2022 11:39:02 +0000
Resent-From: Enrico Zini <enrico@debian.org>
Resent-To: debian-bugs-dist@lists.debian.org
Resent-CC: team@security.debian.org, Santiago Vila <sanvila@debian.org>
Date: Fri, 29 Apr 2022 13:27:33 +0200
From: Enrico Zini <enrico@debian.org>
Reply-To: Enrico Zini <enrico@debian.org>, 1010355@bugs.debian.org
To: Debian Bug Tracking System <submit@bugs.debian.org>


Reply sent to Santiago Vila <sanvila@unex.es>:
You have marked Bug as forwarded. (Sat, 30 Apr 2022 11:33:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Tue, 14 Jun 2022 15:51:02 GMT)


Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Tue, 14 Jun 2022 15:51:02 GMT)


Message #28 received at 1010355@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: 1010355@bugs.debian.org, control@bugs.debian.org
Subject: Wrong upstream
Date: Tue, 14 Jun 2022 17:46:54 +0200
notforwarded 1010355
thanks

Wrong upstream: this is unzip, not procmail.



Unset Bug forwarded-to-address Request was from Santiago Vila <sanvila@unex.es> to control@bugs.debian.org. (Tue, 14 Jun 2022 15:51:04 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Tue, 14 Jun 2022 17:09:03 GMT)


Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Tue, 14 Jun 2022 17:09:03 GMT)


Message #35 received at 1010355@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: "Steven M. Schweda" <sms@antinode.info>
Cc: 1010355@bugs.debian.org, Enrico Zini <enrico@debian.org>
Subject: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Tue, 14 Jun 2022 19:06:37 +0200
Hello.

I received this from the Debian bug system.

There are actually two problems here. One of them is CVE-2022-0530
which is what the reported bug is about. For that I have the proposed 
patch by Enrico Zini which seems to fix the issue.

But the GitHub repository containing the test cases, namely this:

https://github.com/ByteHackr/unzip_poc

contains a test case for yet another problem called CVE-2022-0529
which I would like to fix as well.

This is what I've done to reproduce the bug:

export LC_ALL=C
cd CVE-2022-0529
unzip testcase

and I get this:

Archive:  testcase
warning [testcase]:  303 extra bytes at beginning or within zipfile
  (attempting to process anyway)
error [testcase]:  reported length of central directory is
  -303 bytes too long (Atari STZip zipfile?  J.H.Holm ZIPSPLIT 1.1
  zipfile?).  Compensating...
double free or corruption (out)

Any help will be appreciated.

Thanks.

-------- Forwarded Message --------
Subject: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid 
UTF-8 input
Date: Fri, 29 Apr 2022 13:27:33 +0200
From: Enrico Zini <enrico@debian.org>
Reply-To: Enrico Zini <enrico@debian.org>, 1010355@bugs.debian.org
To: Debian Bug Tracking System <submit@bugs.debian.org>


Reply sent to Santiago Vila <sanvila@unex.es>:
You have marked Bug as forwarded. (Tue, 14 Jun 2022 17:09:06 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Wed, 15 Jun 2022 07:45:02 GMT)


Acknowledgement sent to Enrico Zini <enrico@debian.org>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Wed, 15 Jun 2022 07:45:02 GMT)


Message #43 received at 1010355@bugs.debian.org:

From: Enrico Zini <enrico@debian.org>
To: "Steven M. Schweda" <sms@antinode.info>
Cc: Santiago Vila <sanvila@unex.es>, 1010355@bugs.debian.org
Subject: Re: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Wed, 15 Jun 2022 09:34:23 +0200
On Tue, Jun 14, 2022 at 07:06:37PM +0200, Santiago Vila wrote:

> But the GitHub repository containing the test cases, namely this:
> https://github.com/ByteHackr/unzip_poc
> contains a test case for yet another problem called CVE-2022-0529
> which I would like to fix as well.

Hello Steven and Santiago,

I'm attaching a proposed patch to fix CVE-2022-0529.


Enrico

-- 
GPG key: 4096R/634F4BD1E7AD5568 2009-05-08 Enrico Zini <enrico@enricozini.org>
[CVE-2022-0529.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Thu, 30 Jun 2022 12:21:02 GMT)


Acknowledgement sent to Santiago Vila <sanvila@unex.es>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Thu, 30 Jun 2022 12:21:02 GMT)


Message #48 received at 1010355@bugs.debian.org:

From: Santiago Vila <sanvila@unex.es>
To: Enrico Zini <enrico@debian.org>, team@security.debian.org, "Steven M. Schweda" <sms@antinode.info>, Mark Adler <madler@alumni.caltech.edu>, 1010355@bugs.debian.org
Subject: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Thu, 30 Jun 2022 14:16:55 +0200
Dear Steven and Mark:

I plan to apply the attached patches (from Enrico Zini) to fix 
CVE-2022-0529 and CVE-2022-0530 in Debian unzip, but before doing so I 
would like to have some feedback from upstream (i.e. you) or from 
the Security Team (also in CC).

Details about the bug here:

https://bugs.debian.org/1010355

The test cases triggering the bug are here:

https://github.com/ByteHackr/unzip_poc

Thanks.
[28-cve-2022-0529-fix-wide-string-conversion.patch (text/x-patch, attachment)]
[29-cve-2022-0530-add-missing-error-handling.patch (text/x-patch, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#1010355; Package unzip. (Thu, 30 Jun 2022 14:24:03 GMT)


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Santiago Vila <sanvila@debian.org>. (Thu, 30 Jun 2022 14:24:03 GMT)


Message #53 received at 1010355@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: Santiago Vila <sanvila@unex.es>, sandipan@redhat.com
Cc: Enrico Zini <enrico@debian.org>, team@security.debian.org, "Steven M. Schweda" <sms@antinode.info>, Mark Adler <madler@alumni.caltech.edu>, 1010355@bugs.debian.org
Subject: Re: Fwd: Bug#1010355: CVE-2022-0530: null pointer dereference on invalid UTF-8 input
Date: Thu, 30 Jun 2022 16:21:37 +0200
On Thu, Jun 30, 2022 at 02:16:55PM +0200, Santiago Vila wrote:
> Dear Steven and Mark:
> 
> I plan to apply the attached patches (from Enrico Zini) to fix CVE-2022-0529
> and CVE-2022-0530 in Debian unzip, but before doing so I would like to have
> some feedback from upstream (i.e. you) or from the Security Team
> (also in CC).
> 
> Details about the bug here:
> 
> https://bugs.debian.org/1010355
> 
> The test cases triggering the bug are here:
> 
> https://github.com/ByteHackr/unzip_poc

Hi,
note that we need some additional clarification on what the scope of
CVE-2022-0529 and CVE-2022-0530 is. Both originated from Red Hat Bugzilla:

-----------------------------------------------------------------------
https://bugzilla.redhat.com/show_bug.cgi?id=2051395 is the public reference
for CVE-2022-0530 and this links to a private Red Hat bug

SIGSEGV during the conversion of an utf-8 string to a local string:
https://bugzilla.redhat.com/show_bug.cgi?id=2048569
-----------------------------------------------------------------------
https://bugzilla.redhat.com/show_bug.cgi?id=2051402 is the public reference
for CVE-2022-0529 and this links to a different private Red Hat bug:

Heap out-of-bound writes and reads during conversion of wide string to local string
https://bugzilla.redhat.com/show_bug.cgi?id=2048572
-----------------------------------------------------------------------

The description of the CVE-2022-0529 Red Hat bugzilla entry indicates there is
more than what the two proposed patches fix: the two patches don't address any
OOB heap write.

I'm adding the Red Hat engineer who created the bugs to CC, Sandipan Roy.

@Sandipan, the unzip upstream authors are CCed to this mail to land fixes
for the unzip vulnerabilities you found. Would it be possible to open up
bz#2048572 and bz#2048569 with the full details of these security vulnerabilities
so that upstream can review/merge the patches and clarify the status of CVE-2022-0529?

Cheers,
        Moritz

> Thanks.

> From: Enrico Zini <enrico@debian.org>
> Subject: Fix wide string conversion
> Bug-Debian: https://bugs.debian.org/1010355
> X-Debian-version: 6.0-27
> 
> --- a/process.c
> +++ b/process.c
> @@ -2507,13 +2507,15 @@
>    char buf[9];
>    char *buffer = NULL;
>    char *local_string = NULL;
> +  size_t buffer_size;
>  
>    for (wsize = 0; wide_string[wsize]; wsize++) ;
>  
>    if (max_bytes < MAX_ESCAPE_BYTES)
>      max_bytes = MAX_ESCAPE_BYTES;
>  
> -  if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
> +  buffer_size = wsize * max_bytes + 1;
> +  if ((buffer = (char *)malloc(buffer_size)) == NULL) {
>      return NULL;
>    }
>  
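Review bot: the new `buffer_size = wsize * max_bytes + 1` is still computed with no overflow check before the `malloc`; `wsize` is simply the length of the entry name and `max_bytes` is at least `MAX_ESCAPE_BYTES`, so a wrapped product would allocate a tiny buffer that then satisfies the length check added in the next hunk. Reject `wsize > (SIZE_MAX - 1) / max_bytes` (returning NULL, as the malloc-failure path already does) before computing `buffer_size`.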
> @@ -2552,7 +2554,11 @@
>        /* no MB for this wide */
>          /* use escape for wide character */
>          char *escape_string = wide_to_escape_string(wide_string[i]);
> -        strcat(buffer, escape_string);
> +        size_t buffer_len = strlen(buffer);
> +        size_t escape_string_len = strlen(escape_string);
> +        if (buffer_len + escape_string_len + 1 > buffer_size)
> +          escape_string_len = buffer_size - buffer_len - 1;
> +        strncat(buffer, escape_string, escape_string_len);
>          free(escape_string);
>      }
>    }
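Review bot: the clamp `escape_string_len = buffer_size - buffer_len - 1` silently truncates the escape sequence, so a converted name can end in a partial `#U..` escape with no diagnostic; since the buffer was sized for `max_bytes` per wide character, reaching this branch means that sizing assumption failed, and returning NULL (or at least emitting a warning) would surface the condition instead of producing a truncated filename. Separately, `strlen(escape_string)` now runs on the return value of `wide_to_escape_string` with no NULL check, and the `free(escape_string)` below shows it is heap-allocated, so guard it the way the `malloc` above is guarded.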

> From: Enrico Zini <enrico@debian.org>
> Subject: Fix null pointer dereference on invalid UTF-8 input
> Bug-Debian: https://bugs.debian.org/1010355
> X-Debian-version: 6.0-27
> 
> --- a/fileio.c
> +++ b/fileio.c
> @@ -2361,6 +2361,9 @@
>                    /* convert UTF-8 to local character set */
>                    fn = utf8_to_local_string(G.unipath_filename,
>                                              G.unicode_escape_all);
> +                  if (fn == NULL)
> +                    return PK_ERR;
> +
>                    /* make sure filename is short enough */
>                    if (strlen(fn) >= FILNAMSIZ) {
>                      fn[FILNAMSIZ - 1] = '\0';
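Review bot: the new `return PK_ERR` is the only hard failure in this block, while the adjacent over-long name case is handled by truncating with `fn[FILNAMSIZ - 1] = '\0'` and continuing; a short comment stating why an undecodable UTF-8 name is fatal for the entry, and confirming that nothing allocated earlier in the surrounding function leaks on this early return, would help the next reader. The rejection is also silent from the user's point of view; consider reporting it alongside the error code.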
> --- a/process.c
> +++ b/process.c
> @@ -2611,6 +2611,8 @@
>    int escape_all;
>  {
>    zwchar *wide = utf8_to_wide_string(utf8_string);
> +  if (wide == NULL)
> +    return NULL;
>    char *loc = wide_to_local_string(wide, escape_all);
>    free(wide);
>    return loc;
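Review bot: the added `if (wide == NULL) return NULL;` is followed by the declaration `char *loc = wide_to_local_string(...)`, a declaration after a statement, which is not valid C89; the old-style parameter declaration `int escape_all;` visible above shows this code base still targets pre-C99 compilers. Declare `char *loc;` before the check and assign it afterwards. Every remaining caller of `utf8_to_local_string` must also handle the new NULL return as the fileio.c hunk does; worth checking that none is left unhandled.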


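The two conversion stages discussed in this thread (a UTF-8 decoder whose NULL result must be propagated, and a wide-to-local escape buffer whose every append must stay within the computed size), as an added C model that is not unzip's code and not any patch from this thread. The function names, the ASCII-only "local" charset and the #Uxxxx / #Lxxxxxx escape format are assumptions of this example; MAX_ESCAPE_BYTES is taken from the quoted patch.

```c
/* Added example, not unzip's code: a defensive model of the two conversion
 * stages this thread is about. Names, the ASCII-only "local" charset and the
 * #Uxxxx / #Lxxxxxx escape format are this example's assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t zwchar_t;      /* one code point, standing in for zwchar */
#define MAX_ESCAPE_BYTES 8      /* "#L" + 6 hex digits, as in the patch */

/* Decode UTF-8 to a 0-terminated code-point array. Malformed input (stray or
 * missing continuation byte, overlong form, surrogate, value above U+10FFFF)
 * yields NULL instead of a guess; every caller must handle that. */
static zwchar_t *model_utf8_to_wide(const char *s)
{
    const unsigned char *p = (const unsigned char *)s;
    zwchar_t *out = malloc((strlen(s) + 1) * sizeof *out); /* <= input length */
    size_t k = 0;
    if (out == NULL) return NULL;
    while (*p) {
        zwchar_t cp;
        int extra;
        if (*p < 0x80)                { cp = *p;        extra = 0; }
        else if ((*p & 0xE0) == 0xC0) { cp = *p & 0x1F; extra = 1; }
        else if ((*p & 0xF0) == 0xE0) { cp = *p & 0x0F; extra = 2; }
        else if ((*p & 0xF8) == 0xF0) { cp = *p & 0x07; extra = 3; }
        else                          { free(out); return NULL; }
        p++;
        for (int i = 0; i < extra; i++, p++) {   /* a NUL here fails the check */
            if ((*p & 0xC0) != 0x80) { free(out); return NULL; }
            cp = (cp << 6) | (*p & 0x3F);
        }
        if ((extra == 1 && cp < 0x80) || (extra == 2 && cp < 0x800) ||
            (extra == 3 && cp < 0x10000) || (cp >= 0xD800 && cp <= 0xDFFF) ||
            cp > 0x10FFFF) { free(out); return NULL; }
        out[k++] = cp;
    }
    out[k] = 0;
    return out;
}

/* Render code points as a "local" string, escaping everything non-ASCII. The
 * destination is sized up front (overflow-guarded) and every append is checked
 * against it, so a miscounted escape fails cleanly instead of overrunning. */
static char *model_wide_to_local(const zwchar_t *w)
{
    size_t wsize = 0, cap, len = 0;
    char *buf;
    while (w[wsize]) wsize++;
    if (wsize > (SIZE_MAX - 1) / MAX_ESCAPE_BYTES) return NULL; /* no wrap */
    cap = wsize * MAX_ESCAPE_BYTES + 1;
    if ((buf = malloc(cap)) == NULL) return NULL;
    buf[0] = '\0';
    for (size_t i = 0; i < wsize; i++) {
        char piece[MAX_ESCAPE_BYTES + 1];
        size_t plen;
        if (w[i] < 0x80)
            snprintf(piece, sizeof piece, "%c", (int)w[i]);
        else if (w[i] <= 0xFFFF)
            snprintf(piece, sizeof piece, "#U%04X", (unsigned)w[i]);
        else
            snprintf(piece, sizeof piece, "#L%06X", (unsigned)w[i]);
        plen = strlen(piece);
        if (len + plen + 1 > cap) { free(buf); return NULL; } /* would overrun */
        memcpy(buf + len, piece, plen + 1);
        len += plen;
    }
    return buf;
}

/* The composition CVE-2022-0530 is about: a NULL from the decoder is
 * returned to the caller, never handed to the next stage. */
static char *model_utf8_to_local(const char *utf8)
{
    zwchar_t *wide = model_utf8_to_wide(utf8);
    char *loc;
    if (wide == NULL) return NULL;   /* the check the original lacked */
    loc = model_wide_to_local(wide);
    free(wide);
    return loc;
}

int main(void)
{
    /* constructed inputs: a valid name, a stray 0xFF byte, a truncated sequence */
    const char *in[] = { "r\xC3\xA9sum\xC3\xA9.txt", "\xFF\xFEname", "abc\xE2\x82" };
    for (size_t i = 0; i < 3; i++) {
        char *loc = model_utf8_to_local(in[i]);
        printf("input %zu: %s\n", i, loc ? loc : "rejected (NULL)");
        free(loc);
    }
    return 0;
}
```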

Changed Bug title to 'unzip: CVE-2022-0529 CVE-2022-0530' from 'CVE-2022-0530: null pointer dereference on invalid UTF-8 input'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 11 Jul 2022 04:03:04 GMT)


Reply sent to Santiago Vila <sanvila@debian.org>:
You have taken responsibility. (Tue, 02 Aug 2022 17:24:07 GMT)


Notification sent to Enrico Zini <enrico@debian.org>:
Bug acknowledged by developer. (Tue, 02 Aug 2022 17:24:07 GMT)


Message #60 received at 1010355-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1010355-close@bugs.debian.org
Subject: Bug#1010355: fixed in unzip 6.0-27
Date: Tue, 02 Aug 2022 17:22:16 +0000
Source: unzip
Source-Version: 6.0-27
Done: Santiago Vila <sanvila@debian.org>

We believe that the bug you reported is fixed in the latest version of
unzip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010355@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <sanvila@debian.org> (supplier of updated unzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Tue, 02 Aug 2022 19:05:00 +0200
Source: unzip
Architecture: source
Version: 6.0-27
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Santiago Vila <sanvila@debian.org>
Closes: 1010355
Changes:
 unzip (6.0-27) unstable; urgency=medium
 .
   * Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
   - Fix null pointer dereference on invalid UTF-8 input.
   - Fix wide string conversion in process.c.
     Closes: #1010355.





Bug reopened Request was from Santiago Vila <sanvila@unex.es> to control@bugs.debian.org. (Sat, 06 Aug 2022 23:09:03 GMT)


No longer marked as fixed in versions unzip/6.0-27. Request was from Santiago Vila <sanvila@unex.es> to control@bugs.debian.org. (Sat, 06 Aug 2022 23:09:03 GMT)


Marked as fixed in versions unzip/6.0-27. Request was from Santiago Vila <sanvila@unex.es> to control@bugs.debian.org. (Sat, 06 Aug 2022 23:09:04 GMT)


Reply sent to Santiago Vila <sanvila@debian.org>:
You have taken responsibility. (Sat, 13 Aug 2022 18:21:03 GMT)


Notification sent to Enrico Zini <enrico@debian.org>:
Bug acknowledged by developer. (Sat, 13 Aug 2022 18:21:03 GMT)


Message #71 received at 1010355-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1010355-close@bugs.debian.org
Subject: Bug#1010355: fixed in unzip 6.0-26+deb11u1
Date: Sat, 13 Aug 2022 18:18:12 +0000
Source: unzip
Source-Version: 6.0-26+deb11u1
Done: Santiago Vila <sanvila@debian.org>

We believe that the bug you reported is fixed in the latest version of
unzip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1010355@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <sanvila@debian.org> (supplier of updated unzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Sun, 07 Aug 2022 01:45:00 +0200
Source: unzip
Architecture: source
Version: 6.0-26+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Santiago Vila <sanvila@debian.org>
Closes: 1010355
Changes:
 unzip (6.0-26+deb11u1) bullseye-security; urgency=medium
 .
   * Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
   - Fix null pointer dereference on invalid UTF-8 input.
   - Fix wide string conversion in process.c.
     Closes: #1010355.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Sep 2022 07:29:56 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Oct 22 23:36:37 2025; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.