Fix the URL and add three new patches. Quoting changelog [1]:
unzip (6.0-24) unstable; urgency=medium
* Apply two patches by Mark Adler:
- Fix bug in undefer_input() that misplaced the input state.
- Detect and reject a zip bomb using overlapped entries. Closes: #931433.
Bug discovered by David Fifield. For reference, this is CVE-2019-13232.
-- Santiago Vila <sanvila@debian.org> Thu, 11 Jul 2019 18:03:34 +0200
unzip (6.0-23) unstable; urgency=medium
* Fix lame code in fileio.c which parsed 64-bit values incorrectly.
Thanks to David Fifield for the report. Closes: #929502.
-- Santiago Vila <sanvila@debian.org> Wed, 29 May 2019 00:24:08 +0200
[1] https://sources.debian.org/data/main/u/unzip/6.0-24/debian/changelog
Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 009c59a261)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
bc367e42f3