This update for zziplib to 0.13.67 contains multiple bug and security fixes:
- If an extension block is too small to hold an extension,
do not use the information therein.
- CVE-2018-6540: If the End of central directory record (EOCD) contains an
Offset of start of central directory which is beyond the end of
the file, reject the file. (bsc#1079096)
- CVE-2018-6484: Reject the ZIP file and report it as corrupt if the size of the
central directory and/or the offset of start of central directory
point beyond the end of the ZIP file. (bsc#1078701)
- CVE-2018-6381: If a file is uncompressed, compressed and uncompressed sizes
should be identical. (bsc#1078497)
This update was imported from the SUSE:SLE-12:Update update project.
- Submitted by Josef Möllers (jmoellers)