Debian Minizip vulnerabilities

CVE-2023-45853 [CRITICAL] CVE-2023-45853: minizip - MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buf... MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code throu

CVE-2014-9485 [MEDIUM] CVE-2014-9485: minizip - Directory traversal vulnerability in the do_extract_currentfile function in mini... Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive. Scope: local bookworm: resolved (fixed in 1.1-6) bullseye: resolved (fixed in 1.1-6)