- Wed Sep 20 2006 PLD Team <feedback@pld-linux.org>
All persons listed below can be reached at
@pld-linux.org
$Log: unzip.spec,v $
Revision 1.51 2006/09/20 23:14:06 glen
- check-files cleanup, rel 4
Revision 1.50 2006/09/20 12:52:01 areq
- enable large files support
Revision 1.49 2006/02/25 17:54:30 sparky
- typo
Revision 1.48 2006/02/25 17:47:40 sparky
- oops, it wasn't working that way, but I won't cry...
Revision 1.47 2006/02/25 17:37:12 sparky
- pass CC and CFLAGS
Revision 1.46 2006/02/17 23:33:46 psz
- security fix: CVE-2005-4667
- rel 3; STBR
Revision 1.45 2005/11/24 10:26:16 havner
- CAN-2005-2475.patch
Revision 1.44 2005/03/11 23:55:09 charles
- updated to 5.52
Revision 1.43 2004/06/08 09:29:08 blues
- release 2
Revision 1.42 2004/06/08 08:06:04 pluto
- updated to 5.51 (security release).
- fix for two directory-traversal security holes.
- fix for central/local directory mismatch security hole.
- fix for symlink-traversal security hole.
- fix for textmode data-corruption bug in 16-bit ports.
- fix to zipgrep to handle archived filenames with spaces in them.
- release 1.
Revision 1.41 2004/06/08 07:28:46 paszczus
- reverted changes
Revision 1.39 2004/02/26 00:22:15 undefine
- release 11 to allow upgrade from RA
Revision 1.38 2003/08/27 06:58:28 misi3k
- rel 10
- Security fix to fix
Note:
The fix which was implemented in rel 9 may
not have protected against all methods of
exploiting this vulnerability.
Revision 1.37 2003/07/02 22:41:16 blues
- cosmetics
Revision 1.36 2003/07/02 14:09:01 misi3k
- rel 9
- added security patch1 (patch from RH)
CVE: CAN-2003-0282
BUG(bugtraq):
A vulnerabilitiy in unzip version 5.50 and earlier allows attackers to
overwrite arbitrary files during archive extraction by placing invalid
(non-printable) characters between two "." characters. These non-printable
characters are filtered, resulting in a ".." sequence. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0282 to this issue.
Revision 1.35 2003/06/02 15:48:33 ankry
- added/restored non-english-man-pages URL
Revision 1.34 2003/05/25 11:01:12 malekith
- massive attack, adding Source-md5
Revision 1.33 2003/05/25 06:27:34 misi3k
- massive attack s/pld.org.pl/pld-linux.org/
Revision 1.32 2003/04/29 08:14:02 kloczek
- bump release to 8 (for allow upgrade from RH).
Revision 1.31 2002/11/29 22:46:55 ankry
- massive attack: new %doc