---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2004-2255
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2255
2004-12-18
---------------------------------------------------------------------
Name : zip
7.3 Version : zip-2.3-26.1.0.7.3.legacy
9 Version : zip-2.3-26.1.0.9.legacy
fc1 Version : zip-2.3-26.1.1.legacy
Summary : A file compression and packaging utility compatible with
PKZIP.
Description :
The zip program is a compression and file packaging utility. Zip is
analogous to a combination of the UNIX tar and compress commands and
is compatible with PKZIP, a compression and file packaging utility for
MS-DOS systems.
---------------------------------------------------------------------
Update Information:
An updated zip package that fixes a buffer overflow vulnerability is now available.
The zip program is an archiving utility which can create ZIP-compatible archives.
A buffer overflow bug has been discovered in zip when handling long file names. An attacker could create a specially crafted path which could cause zip to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1010 to this issue.
Users of zip should upgrade to this updated package, which contains backported patches and is not vulnerable to this issue.
---------------------------------------------------------------------
7.3 changelog:

* Mon Nov 08 2004 Lon Hohberger <lhh redhat com> 2.3-26.3
- Rebuild for FC-3

* Mon Nov 08 2004 Lon Hohberger <lhh redhat com> 2.3-26.2
- Fix buffer overflow. #138230

* Tue Nov 16 2004 Rob Myers <rob myers gtri gatech edu> 2.3-26.1.0.9.legacy
- Rebuild for rh9 legacy
- resolves CAN-2004-1010 (FL #2255)

* Mon Nov 08 2004 Lon Hohberger <lhh redhat com> 2.3-26.3
- Rebuild for FC-3

* Mon Nov 08 2004 Lon Hohberger <lhh redhat com> 2.3-26.2
- Fix buffer overflow. #138230

* Tue Nov 16 2004 Rob Myers <rob myers gtri gatech edu> 2.3-26.1.1.legacy
- Rebuild for fc1 legacy
- resolves CAN-2004-1010 (FL #2255)

* Mon Nov 08 2004 Lon Hohberger <lhh redhat com> 2.3-26.3
- Rebuild for FC-3

* Mon Nov 08 2004 Lon Hohberger <lhh redhat com> 2.3-26.2
- Fix buffer overflow. #138230
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedoralegacy.org/
(sha1sums)