Debian alert DLA-3118-1 (unzip)

From:
             
 
Emilio Pozuelo Monfort <pochu@debian.org>
To:
             
 
<debian-lts-announce@lists.debian.org>
Subject:
             
 
[SECURITY] [DLA 3118-1] unzip security update
Date:
             
 
Thu, 22 Sep 2022 18:54:30 +0200
Message-ID:
             
 
<20220922165430.19FE72A0423@andromeda>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3118-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
September 22, 2022                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : unzip
Version        : 6.0-23+deb10u3
CVE ID         : CVE-2022-0529 CVE-2022-0530
Debian Bug     : 1010355

Sandipan Roy discovered two vulnerabilities in InfoZIP's unzip program,
a de-archiver for .zip files, which could result in denial of service
or potentially the execution of arbitrary code.

For Debian 10 buster, these problems have been fixed in version
6.0-23+deb10u3.

We recommend that you upgrade your unzip packages.

For the detailed security status of unzip please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/unzip

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmMsk0UACgkQnUbEiOQ2
gwJY1g/9EYxe94HbGE5wKeq6ffJYTRZw2OIdRc/JHxxCBkbaXwk2IyzF9z48hpfP
OsshmyYFzaHdKgV1Dts6PwgVVqokKH1jqKlmw6B89tY8OZxLzESB7gHyVTAEkbSJ
9jar0INcTNAlzSw6ew/wHRHxkdA/3j64MfuTZIzvqmmaFzuqJqT2gKd0bRFUm3Yd
HSVk8AT5rca2LzGqDlg2yaxn+R1XpiIgjV8cyZV3q0Ccn7coeGPQ0P1XLMX1zbnN
uEuhROMRte8LFvd9W+9I0vLSi0/qfoDaQEHBkA9m8oqo/3ASvuayE5bYrIG5fwHe
zLtB3DSkZsQHTZV95a+/AnB30Shgfeof1c5d1yJWB6gGaQUR3Otpi3DEm0PUFnU4
t+sDlc2U2aANByLtASP0kQ0DcFDD8vEkZsDv4NGM57nxHjLDF8QwXJCnq09JH5Iv
3GwvTiEQNLb9DxwS/8Gokjc/8+4goFyGDLK8MqixETRnwqx6/OTr0/mwiRwIY623
xzhTPSEf05ANDR5YQyYTG/QDlDnCTyyv7OcB7CH3ILpAoxJXkFIUpRD3oXuwKp6Q
D0OyMezJoQgZ0KbMcfu8+OMRpV/S3YRj+Fgtu47mLfFmfhtw2GvDBHndLZ2uGxBp
XQUG2NueY1lEbjzmM6kQUjNZezn44znEtzk86vw5UWLVHeMv2uk=
=8RtY
-----END PGP SIGNATURE-----