[ubuntu/eoan-proposed] sigil 0.9.14+dfsg-1ubuntu1 (Accepted)
Mike Salvatore
mike.salvatore at canonical.com
Thu Aug 1 11:28:12 UTC 2019
sigil (0.9.14+dfsg-1ubuntu1) eoan; urgency=medium

  * SECURITY UPDATE: Zip Slip directory traversal when processing a crafted
    EPUB file
    - debian/patches/CVE-2019-14452-1.patch: do not allow zip files to have
      upward relative path sections.
    - debian/patches/CVE-2019-14452-2.patch: further harden against malicious
      epubs and produce error message.
    - debian/patches/CVE-2019-14452-3.patch: harden plugin unzipping to
      zip-slip attacks.
    - CVE-2019-14452
Date: Wed, 31 Jul 2019 08:18:41 -0400
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/sigil/0.9.14+dfsg-1ubuntu1
Format: 1.8
Date: Wed, 31 Jul 2019 08:18:41 -0400
Source: sigil
Architecture: source
Version: 0.9.14+dfsg-1ubuntu1
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Original-Maintainer: Mattia Rizzolo <mattia at debian.org>