Debian Unzip vulnerabilities
24 known vulnerabilities affecting debian/unzip.
Total CVEs: 24
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 9, LOW 10
Vulnerabilities
Page 2 of 2
CVE-2005-0602 | MEDIUM | CVSS 6.2 | fixed in unzip 5.52-1 (bookworm) | 2005
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Scope: local
bookworm: resolved (fixed in 5.52-1)
bullseye: resolved (fixed in 5.52-1)
forky: resolved (fixed in 5.52-1)
sid: resolved (fixed in 5.52-1)
trixie: resolved (fixed in 5.52-1)
debian
CVE-2005-4667 | LOW | CVSS 3.7 | PoC | fixed in unzip 5.52-7 (bookworm) | 2005
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Scope: local
bookworm: resolv
debian
CVE-2005-2475 | LOW | CVSS 1.2 | fixed in unzip 5.52-4 (bookworm) | 2005
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
Scope: local
bookworm: resolved (fixed in 5.52-4)
bullseye: resolved (fixed in 5.52-4)
forky: resolved (fixed in 5.52-4)
sid: resolved (fixed i
debian
CVE-2003-0282 | LOW | CVSS 2.6 | PoC | fixed in unzip 5.50-3 (bookworm) | 2003
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
Scope: local
bookworm: resolved (fixed in 5.50-3)
bullseye: resolved (fixed in 5.50-3)
forky: resolved (fixed in 5.50-3)
sid: resolved (fixed in 5.50-3)
trixie: resolved (fix
debian