Overview

File _patchinfo of Package patchinfo.3475

<patchinfo incident="3475">
  <category>security</category>
  <rating>moderate</rating>
  <packager>msmeissn</packager>
  <summary>Security update for unzip</summary>
  <description>
unzip was updated to fix security issues.

The unzip command line tool is affected by heap-based buffer overflows
within the CRC32 verification (CVE-2014-8139), the test_compr_eb()
(CVE-2014-8140) and the getZip64Data() functions (CVE-2014-8141).
The input errors may result in in arbitrary code execution.

More info can be found in the oCert announcement:
http://seclists.org/oss-sec/2014/q4/1127
  </description>
  <issue tracker="cve" id="CVE-2014-8139"/>
  <issue tracker="cve" id="CVE-2014-8140"/>
  <issue tracker="cve" id="CVE-2014-8141"/>
  <issue tracker="bnc" id="909214"/>
</patchinfo>
openSUSE Build Service is sponsored by
Places