Overview

File unzip.changes of Package unzip

-------------------------------------------------------------------
Thu Jun 29 21:25:15 UTC 2023 - Sheng Huang <shenghuang147@gmail.com> - 6.00

- Modify the build script to standardize the version number
- Fix TW build

-------------------------------------------------------------------
Thu Jun 29 13:09:32 UTC 2023 - Sheng Huang <shenghuang147@gmail.com> - 6.0

- Added Features
    * Added natspec patch for unzip, which fixes the encoding
    issue when extracting files with non-ASCII characters2.

- Security Fixes
This release of Unzip 6.0 addresses the following security 
vulnerabilities:

    * CVE-2014-9636: An integer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file.
    * CVE-2014-8139: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with long filenames.
    * CVE-2014-8140: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with long filenames.
    * CVE-2014-8141: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with long filenames.
    * CVE-2015-7696: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with long filenames.
    * CVE-2015-7697: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with long filenames.
    * CVE-2016-9844: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with long filenames.
    * CVE-2014-9913: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with long filenames.
    * CVE-2018-1000035: A format string vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with malicious 
    filenames.
    * CVE-2022-0530: A stack overflow vulnerability that could allow 
    remote attackers to execute arbitrary code or cause a denial 
    of service via a crafted zip file with malicious filenames.
    * CVE-2022-0529: A heap out-of-bounds write vulnerability that 
    could allow remote attackers to execute arbitrary code or cause 
    a denial of service via a crafted zip file with malicious 
    filenames.
    * CVE-2018-18384: A buffer overflow vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with malicious 
    filenames.
    * CVE-2019-13232: A directory traversal vulnerability that 
    could allow remote attackers to overwrite arbitrary files or 
    execute arbitrary code via a crafted zip file with malicious 
    filenames.
    * CVE-2021-4217: A format string vulnerability that could 
    allow remote attackers to execute arbitrary code or cause a 
    denial of service via a crafted zip file with malicious 
    filenames.

-------------------------------------------------------------------
Wed Jun 28 16:41:35 UTC 2023 - Sheng Huang <shenghuang147@gmail.com>

- version 6.0
- Initial package
openSUSE Build Service is sponsored by
Places