-gzip (1.3.12-9) UNRELEASED; urgency=low
+gzip (1.3.12-9) unstable; urgency=high
+ * fix applied for CVE-2010-0001 which identified an integer underflow when
+ decompressing files that are compressed using the LZW algorithm. This
+ could lead to the execution of arbitrary code when trying to decompress
+ a crafted LZW compressed gzip archive.
* switch to using dh_lintian for override delivery
- -- Bdale Garbee <bdale@gag.com> Thu, 18 Jun 2009 14:15:42 -0600
+ -- Bdale Garbee <bdale@gag.com> Thu, 21 Jan 2010 07:38:41 +1300
gzip (1.3.12-8) unstable; urgency=low
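Review bot: the new changelog bullet for CVE-2010-0001 does not say which source file or function was changed, so anyone auditing or backporting the fix has to dig it out of the diff. Name the changed location in the entry, and if a bug report is tracking this, reference it there as well. Raising the urgency to high is consistent with the code-execution impact the entry describes.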
int o;
resetbuf:
- e = insize-(o = (posbits>>3));
+ o = posbits >> 3;
+ e = o <= insize ? insize - o : 0;
for (i = 0 ; i < e ; ++i) {
inbuf[i] = inbuf[i+o];
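Review bot: the guard in `e = o <= insize ? insize - o : 0;` silently treats `o > insize` as "nothing left to copy" and carries on, although that state should only arise from a malformed stream. Consider rejecting the input with an error at that point rather than continuing to decode, or at least add a comment at `resetbuf:` explaining that the clamp prevents `insize - o` from wrapping and driving the copy loop past the buffer. Also, `o` is declared `int` while the type of `insize` is not visible in this hunk; please confirm that `o <= insize` is not a mixed signed/unsigned comparison and that `posbits >> 3` always fits in an `int`.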