Closed l2dy closed 6 years ago
Hmm... This one's quite tough to track.
The majority of the vulnerabilities are still valid and not fixed according to Debian's tracker.
Cross-References: ASA-201801-17 ASA-201804-3
The problems have been fixed upstream in version 0.13.69.
At least some of these vulnerabilities have been fixed upstream.
Use AOSA-2018-0157 for zziplib 0.13.69.
Cross-References: RHSA-2018:3229-01
CVE-2018-7725 CVE-2018-7726 CVE-2018-7727
http://www.openwall.com/lists/oss-security/2017/02/14/3
https://security-tracker.debian.org/tracker/source-package/zziplib
Some of these CVEs were resolved in 0.13.67, e.g. https://github.com/gdraheim/zziplib/commit/9e8f867a976311a3e5fb0184c947e22ec35f2fcb.