man/funzip.1 | 8 4 + 4 - 0 !
man/unzip.1 | 24 12 + 12 - 0 !
man/unzipsfx.1 | 32 16 + 16 - 0 !
man/zipgrep.1 | 8 4 + 4 - 0 !
man/zipinfo.1 | 10 5 + 5 - 0 !
5 files changed, 41 insertions(+), 41 deletions(-)

 in debian, manpages are in section 1, not in section 1l
X-Debian-version: 5.52-3

unzip.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 "branding patch": unzip by debian. original by info-zip.
X-Debian-version: 5.52-5

unix/unxcfg.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 #include <unistd.h> for kfreebsd
Bug-Debian: http://bugs.debian.org/340693
X-Debian-version: 5.52-8

process.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 handle the pkware verification bit of internal attributes
Bug-Debian: http://bugs.debian.org/630078
X-Debian-version: 6.0-5

process.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 restore uid and gid information when requested
Bug-Debian: http://bugs.debian.org/689212
X-Debian-version: 6.0-8

process.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 initialize the symlink flag
Bug-Debian: http://bugs.debian.org/717029
X-Debian-version: 6.0-10

list.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 increase size of cfactorstr array to avoid buffer overflow
Bug-Debian: http://bugs.debian.org/741384
X-Debian-version: 6.0-11

zipinfo.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 zipinfo.c: do not crash when hostver byte is >= 100

extract.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 fix cve-2014-8139: crc32 verification heap-based overflow
Bug-Debian: http://bugs.debian.org/773722

extract.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 fix cve-2014-8140: out-of-bounds write issue in test_compr_eb()
Bug-Debian: http://bugs.debian.org/773722

fileio.c | 9 8 + 1 - 0 !
process.c | 68 51 + 17 - 0 !
2 files changed, 59 insertions(+), 18 deletions(-)

 fix cve-2014-8141: out-of-bounds read issues in getzip64data()
Bug-Debian: http://bugs.debian.org/773722

extract.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 info-zip unzip buffer overflow
Bug-Debian: https://bugs.debian.org/776589

By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.

This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.

crypt.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944

extract.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 fix infinite loop when extracting empty bzip2 data
Bug-Debian: https://bugs.debian.org/802160
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944

extract.c | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

 [patch] extract: prevent unsigned overflow on invalid input

list.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 fix cve-2014-9913, buffer overflow in unzip
Bug: https://sourceforge.net/p/infozip/bugs/27/
Bug-Debian: https://bugs.debian.org/847485
Bug-Ubuntu: https://launchpad.net/bugs/387350
X-Debian-version: 6.0-21

zipinfo.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 fix cve-2016-9844, buffer overflow in zipinfo
Bug-Debian: https://bugs.debian.org/847486
Bug-Ubuntu: https://launchpad.net/bugs/1643750
X-Debian-version: 6.0-21