Accepted gzip 1.3.5-14ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Tue Sep 19 15:30:11 BST 2006
Accepted:
OK: gzip_1.3.5-14ubuntu1.dsc
-> Component: main Section: base
OK: gzip_1.3.5-14ubuntu1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 14 Sep 2006 13:45:18 +0200
Source: gzip
Binary: gzip
Architecture: source
Version: 1.3.5-14ubuntu1
Distribution: edgy
Urgency: low
Maintainer: Bdale Garbee <bdale at gag.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
gzip - The GNU compression utility
Changes:
gzip (1.3.5-14ubuntu1) edgy; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution or DoS with specially crafted
gzipped/compress'ed files. Tavis Ormandy did a comprehensive security
review, applied his patch to fix the following issues:
* NULL Dereference [CVE-2006-4334].
* Buffer overflows in LZH uncompressor's make_table() [CVE-2006-4335,
CVE-2006-4337].
* Buffer underflow in gzip unpacker's build_tree() [CVE-2006-4336].
* Infinite loop in LZH uncompressor [CVE-2006-4338].
Files:
e71102fcea2d6613838b9a09d90464e0 594 utils required gzip_1.3.5-14ubuntu1.dsc
9b6f471a443c276beb33e8a22a10da25 60497 utils required gzip_1.3.5-14ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFCUVIDecnbV4Fd/IRAlLjAJ4y0RvIYEV6hrJzO1ipVqcCWufXNgCdEIIS
ifjDqWeNrmklbuJdQhiLzDk=
=DYSh
-----END PGP SIGNATURE-----
application finalize called
More information about the edgy-changes
mailing list