Описание
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | needs-triage | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | needs-triage | |
| focal | DNE | |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/xenial | needs-triage | |
| esm-infra/focal | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | released | 1.17.13-3ubuntu1.3 |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/bionic | released | 1.18.1-1ubuntu1~18.04.4+esm1 |
| esm-apps/xenial | released | 1.18.1-1ubuntu1~16.04.6+esm1 |
| esm-infra/focal | DNE | focal was released [1.18.1-1ubuntu1~20.04.3] |
| focal | released | 1.18.1-1ubuntu1~20.04.3 |
| jammy | released | 1.18.1-1ubuntu1.2 |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | focal was needs-triage |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| mantic | ignored | end of life, was needs-triage |
| noble | DNE | |
| oracular | DNE | |
| plucky | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/noble | released | 1.21.9-1ubuntu0.1 |
| esm-infra/focal | DNE | focal was released [1.21.1-1~ubuntu20.04.3] |
| focal | released | 1.21.1-1~ubuntu20.04.3 |
| jammy | released | 1.21.1-1~ubuntu22.04.3 |
| mantic | ignored | end of life, was needed |
| noble | released | 1.21.9-1ubuntu0.1 |
| oracular | DNE | |
| plucky | DNE | |
| upstream | released | 1.21.11-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra/focal | DNE | focal was released [1.22.2-2~20.04.1] |
| focal | released | 1.22.2-2~20.04.1 |
| jammy | released | 1.22.2-2~22.04.1 |
| mantic | ignored | end of life, was needed |
| noble | released | 1.22.2-2ubuntu0.1 |
| oracular | not-affected | 1.22.4-1 |
| plucky | DNE | |
| upstream | released | 1.22.4-1 |
Показывать по
Ссылки на источники
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
The archive/zip package's handling of certain types of invalid zip fil ...
The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.
Уязвимость пакета archive-zip языка программирования Golang, позволяющая нарушителю создать произвольный zip-файл
EPSS
5.5 Medium
CVSS3