CentOS 7 - Updates for x86_64: applications/archiving: zziplib-utils
zziplib-utils - Utilities for the zziplib library
The zziplib library is intentionally lightweight, it offers the ability to
easily extract data from files archived in a single zip file. Applications
can bundle files into a single zip archive and access them. The implementation
is based only on the (free) subset of compression with the zlib algorithm
which is actually used by the zip/unzip tools.
This packages contains all the utilities that come with the zziplib library.
by Jakub Martisko (2019-10-24):
- Fix a directory traversal bug
- unzip-mem should now strip all "../" prefixes from the archived files
- Resolves: CVE-2018-17828
by Jakub Martisko (2019-02-28):
- Fix CVE-2018-6541
- Part of the original patch has already been applied in the past (CVE-2018-7726),
so the bug should not be reproducible in a way described in the github
issue, even without this commit. Applying the rest of the original patch anyway.
- Related: CVE-2018-6541
by Jakub Martisko (2018-06-20):
- Fix covscan warning
- "Variable "file" going out of scope leaks the storage it points to."
has been introduced by the original version of 0001-fix-CVE-2018-7725.patch
- Related: 1558596
by Daniel Mach (2014-01-24):
- Mass rebuild 2014-01-24