| Package | unzip |
|---|---|
| Version | 6.0-16+deb8u7 (jessie), 6.0-21+deb9u3 (stretch) |
| Related CVEs | CVE-2022-0529 CVE-2022-0530 |
Sandipan Roy discovered two vulnerabilities in InfoZIP’s unzip program, a de-archiver for .zip files, which could result in denial of service or potentially the execution of arbitrary code.
For Debian 8 jessie, these problems have been fixed in version 6.0-16+deb8u7.
For Debian 9 stretch, these problems have been fixed in version 6.0-21+deb9u3.
We recommend that you upgrade your unzip packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.