Msrc Cbl2 Zziplib 0.13.69-8 On Cbl Mariner 2.0 vulnerabilities

CVE-2018-17828 [MEDIUM] CWE-22 Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file because of the function unzzip_cat in the bins/unzzipcat-mem.c file. Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file because of the function unzzip_cat in the bins/unzzipcat-mem.c file. FAQ: Is Azure Linux the only Microsoft product that includes this

CVE-2018-16548 [MEDIUM] CWE-772 An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c which will lead to a denial of service attack. An issue was discovered in ZZIPlib through 0.13.69. There is a memory leak triggered in the function __zzip_parse_root_directory in zip.c which will lead to a denial of service attack. FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is ther