[RFC] system/unzip: change upstream to Debian (#123)

Max Rees requested to merge debian-unzip into master

Debian's patches close several CVEs, including a few of which I wasn't even aware. They also include the patches we were already carrying:

These were plucked directly from Debian so the names are the same:

  • 10-unzip-handle-pkware-verify.patch
  • 20-unzip-uidgid-fix.patch

Our unzip-6.0-heap-overflow-infloop.patch is covered by Debian's:

  • 14-cve-2015-7696.patch
  • 15-cve-2015-7697.patch
  • 16-fix-integer-underflow-csiz-decrypted.patch
Edited by Max Rees
