[ubuntu/eoan-proposed] flightcrew 0.7.2+dfsg-13ubuntu1 (Accepted)

Mike Salvatore mike.salvatore at canonical.com
Mon Jul 15 12:34:12 UTC 2019


flightcrew (0.7.2+dfsg-13ubuntu1) eoan; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference (DoS) when processing a crafted
    EPUB file
    - debian/patches/CVE-2019-13032-1.patch: prevent segfault from malformed
      opf items in GetRelativePathToNcx()
    - debian/patches/CVE-2019-13032-2.patch: prevent segfault from malformed
      opf items in GetRelativePathsToXhtmlDocuments()
    - CVE-2019-13032
  * SECURITY UPDATE: Zip Slip directory traversal when processing a crafted
    EPUB file
    - debian/patches/CVE-2019-13241-1.patch: try to make extracting epubs safer
    - debian/patches/CVE-2019-13241-2.patch: further harden zip extraction to
      always be safe
    - debian/patches/CVE-2019-13241-3.patch: harden further by throwing
      exception
    - CVE-2019-13241
  * SECURITY UPDATE: Infinite loop leading to DoS and resource consumption
    - debian/patches/CVE-2019-13453.patch: Prevent infinite loop in zipios
      library by checking for EOF
    - CVE-2019-13453

Date: Mon, 01 Jul 2019 08:36:26 -0400
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/flightcrew/0.7.2+dfsg-13ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 01 Jul 2019 08:36:26 -0400
Source: flightcrew
Architecture: source
Version: 0.7.2+dfsg-13ubuntu1
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Original-Maintainer: Mattia Rizzolo <mattia at debian.org>

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

