gzip 1.10-4ubuntu4 source package in Ubuntu
Changelog
gzip (1.10-4ubuntu4) jammy; urgency=medium
* SECURITY UPDATE: arbitrary file override with crafted file names
- debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline
file names in zgrep.in.
- debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am,
tests/zgrep-abuse.
- debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
- debian/patches/CVE-2022-1271-4.patch: optimize out a grep in
gzexe.in.
- debian/patches/CVE-2022-1271-5.patch: use C locale more often in
gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
- debian/patches/CVE-2022-1271-6.patch: fix "binary file matches"
mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
- debian/rules: fix permissions on new test scripts.
- CVE-2022-1271
-- Marc Deslauriers <email address hidden> Fri, 08 Apr 2022 06:53:06 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Jammy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jammy | release | main | utils |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| gzip_1.10.orig.tar.gz | 1.1 MiB | c91f74430bf7bc20402e1f657d0b252cb80aa66ba333a25704512af346633c68 |
| gzip_1.10.orig.tar.gz.asc | 833 bytes | b5e4942cca901ca37772d3ea060c4af6a1908719cec5327fbe033f9d30933f1b |
| gzip_1.10-4ubuntu4.debian.tar.xz | 38.2 KiB | 3e937f8754ae2f3f8213e37fdb4382d6b5a19116b198e0cce96fbcc8dba2d94d |
| gzip_1.10-4ubuntu4.dsc | 2.2 KiB | 7ce7fad6a0f953153d1a67db482f373fbb48bc03aba2fb2ddfc787073fe6c885 |
Available diffs
Binary packages built by this source
- gzip: GNU compression utilities
This package provides the standard GNU file compression utilities, which
are also the default compression tools for Debian. They typically operate
on files with names ending in '.gz', but can also decompress files ending
in '.Z' created with 'compress'.
- gzip-dbgsym: debug symbols for gzip
- gzip-win32: GNU compression utility (win32 build)
This package provides the standard GNU file compression utilities, which
are also the default compression tools for Debian. They typically operate
on files with names ending in '.gz', but can also decompress files ending
in '.Z' created with 'compress'.
.
This is a win32 version of gzip, meant to be used by the win32-loader
component of Debian-Installer.
