[Secure-testing-team] Bug#780756: libzip: CVE-2015-2331: ZIP integer overflow
Salvatore Bonaccorso
carnil at debian.org
Wed Mar 18 19:46:17 UTC 2015
Source: libzip
Version: 0.11.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
the following vulnerability was published for libzip.
CVE-2015-2331[0]:
ZIP Integer Overflow
The issue was originally reported to php5 for the embedded (modified)
copy of libzip there, but affects as well libzip.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-2331
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list