Source: unzip
Version: 6.0-23
Severity: important
Tags: security upstream
Control: found -1 6.0-21+deb9u1
Control: found -1 6.0-21
Hi,

The following vulnerability was published for unzip.

CVE-2019-13232[0]:
| Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP
| container, leading to denial of service (resource consumption), aka a
| "better zip bomb" issue.

There seems to be a fork of Info-Zip UnZip, trying to address this issue, but not sure if we should follow that.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13232
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
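As a defensive illustration of the overlap condition named in the CVE text, the following added example (not code from Info-ZIP UnZip or from the fork mentioned in the report) computes the byte range that each entry's local header and compressed data occupy and reports entries whose ranges intersect. The function names and the sample archive are constructed for this example, and it assumes the central directory sizes are accurate; trailing data descriptors are not counted.

```python
import io
import struct
import zipfile

LOCAL_HEADER_FIXED = 30  # size of the fixed part of a ZIP local file header


def entry_spans(data: bytes):
    """Return (name, start, end) byte ranges for each entry's local header + data."""
    spans = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            off = info.header_offset
            fixed = data[off:off + LOCAL_HEADER_FIXED]
            if len(fixed) < LOCAL_HEADER_FIXED or fixed[:4] != b"PK\x03\x04":
                raise ValueError(f"{info.filename}: no local header at offset {off}")
            # Name and extra-field lengths come from the local header itself,
            # since they may differ from the central directory copy.
            name_len, extra_len = struct.unpack("<HH", fixed[26:30])
            end = off + LOCAL_HEADER_FIXED + name_len + extra_len + info.compress_size
            spans.append((info.filename, off, end))
    return spans


def find_overlaps(spans):
    """Return (earlier, later) name pairs whose byte ranges intersect."""
    overlaps = []
    furthest = None  # entry seen so far that reaches furthest into the file
    for span in sorted(spans, key=lambda s: (s[1], s[2])):
        if furthest is not None and span[1] < furthest[2]:
            overlaps.append((furthest[0], span[0]))
        if furthest is None or span[2] > furthest[2]:
            furthest = span
    return overlaps


def build_sample():
    """Constructed, well-formed two-entry archive used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 1000)
        zf.writestr("b.txt", b"B" * 1000)
    return buf.getvalue()


if __name__ == "__main__":
    print(find_overlaps(entry_spans(build_sample())))
```

A scanner that rejects any archive for which `find_overlaps` returns a non-empty list can run before extraction is attempted.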