ELA-1010-1 minizip security update

heap-based buffer overflow

2023-11-27
Package: minizip
Version: 1.1-8+deb9u1 (stretch)
Related CVEs: CVE-2023-45853


An issue has been found in minizip, a compression library. When using long filenames, an integer overflow might happen, which results in a heap-based buffer overflow in zipOpenNewFileInZip4_64().



For Debian 9 stretch, this problem has been fixed in version 1.1-8+deb9u1.

We recommend that you upgrade your minizip packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.