debcrafters-packages team mailing list archive

Thread
Date

[Bug 2110052] Re: Merge 3.0-15 into questing

To: debcrafters-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <2110052@xxxxxxxxxxxxxxxxxx>
Date: Fri, 09 May 2025 10:20:29 -0000
Reply-to: Bug 2110052 <2110052@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

This bug was fixed in the package zip - 3.0-15ubuntu1

---------------
zip (3.0-15ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2110052).
    Remaining changes:
    - d/t: add some basic smoke test
      Can be dropped when Debian bug 1104090 makes progress.
    Dropped changes (upstreamed in Debian):
    - d/p/13-buffer-overflow.patch: Fix buffer overflow when filename contains
      unicode characters (LP 2062535)
    - d/p/14-buffer-overflow.patch:
      Fix buffer overflow when invoked with `-T -TT` (LP 2093024)

zip (3.0-15) unstable; urgency=medium

  * Add debian/source/lintian-overrides for *.a files.
  * Fix manpage typo: RISC OS/2 -> OS/2. Closes: #1092811.
  * Fix buffer overflow when filename contains unicode characters.
    Closes: #1077054, #1093629.
  * Fix buffer overflow when using '-T -TT'. Closes: #903196, #1093629.
    This is CVE-2018-13410. CVE note: Negligible security impact, would
    involve that a untrusted party controls the -TT value.
  * Fix symlink update detection. Closes: #1005943.
  * Add Vcs-Git and Vcs-Browser fields.
  * Update Standards-Version.
  * Add debian/salsa-ci.yml.

 -- Florent 'Skia' Jacquet <florent.jacquet@xxxxxxxxxxxxx>  Tue, 06 May
2025 16:51:29 +0200

** Changed in: zip (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13410

-- 
You received this bug notification because you are a member of
Debcrafters packages, which is subscribed to zip in Ubuntu.
https://bugs.launchpad.net/bugs/2110052

Title:
  Merge 3.0-15 into questing

Status in zip package in Ubuntu:
  Fix Released

Bug description:
  tracking bug

  Debian: 3.0-15
  Ubuntu: 3.0-14ubuntu2

  This is a trivial merge where most of the patches have been upstreamed
  to Debian, and we only get to keep a DEP8 test where Debian has bigger
  plans and didn't want to take right away (https://bugs.debian.org/cgi-
  bin/bugreport.cgi?bug=1104090).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zip/+bug/2110052/+subscriptions