Debian 10261 Published by

A minizip security update has been released for Debian GNU/Linux 9 Extended LTS to address an integer overflow issue.



ELA-1010-1 minizip security update

Package : minizip
Version : 1.1-8+deb9u1 (stretch)

Related CVEs :
CVE-2023-45853

An issue has been found in minizip, a compression library.
When using long filenames, an integer overflow might happen, which results in a heap-based buffer overflow in zipOpenNewFileInZip4_64().

ELA-1010-1 minizip security update