[ubuntu/hirsute-proposed] gnome-autoar 0.2.4-2ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 10 20:04:13 UTC 2021
gnome-autoar (0.2.4-2ubuntu1) hirsute; urgency=medium
* SECURITY UPDATE: directory traversal issue (LP: #1901240)
- debian/patches/CVE-2020-36241.patch: do not extract files outside the
destination dir in gnome-autoar/autoar-extractor.c.
- CVE-2020-36241
Date: Wed, 10 Feb 2021 13:55:36 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gnome-autoar/0.2.4-2ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 10 Feb 2021 13:55:36 -0500
Source: gnome-autoar
Architecture: source
Version: 0.2.4-2ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Launchpad-Bugs-Fixed: 1901240
Changes:
gnome-autoar (0.2.4-2ubuntu1) hirsute; urgency=medium
.
* SECURITY UPDATE: directory traversal issue (LP: #1901240)
- debian/patches/CVE-2020-36241.patch: do not extract files outside the
destination dir in gnome-autoar/autoar-extractor.c.
- CVE-2020-36241
Checksums-Sha1:
801026a1daa10d2f328f13719450fc51ecaafef1 2828 gnome-autoar_0.2.4-2ubuntu1.dsc
396a8dac1cb62c623081488cff7cb6e4b6b259f6 6300 gnome-autoar_0.2.4-2ubuntu1.debian.tar.xz
abb65dfa695ecd122408f3bbf8b9b0147a3c5a16 16884 gnome-autoar_0.2.4-2ubuntu1_source.buildinfo
Checksums-Sha256:
734ce24e422b12ae70f96f2dde4ecd7a11b6b67932ac31a4a57281bcb7087bdf 2828 gnome-autoar_0.2.4-2ubuntu1.dsc
d05ad3a4196fdeb5d0867c1602f0ae82a2a5943ae1a98423b4df79d64bcea0bf 6300 gnome-autoar_0.2.4-2ubuntu1.debian.tar.xz
bdac134bb31e4391fc7cdf05f7730f46b1d4a277475708c38e1156392ddb0a68 16884 gnome-autoar_0.2.4-2ubuntu1_source.buildinfo
Files:
49fcf5deafd34558c11ffcfbb047e72c 2828 libs optional gnome-autoar_0.2.4-2ubuntu1.dsc
39ca60d1287aad5dd97a1aac76bd4926 6300 libs optional gnome-autoar_0.2.4-2ubuntu1.debian.tar.xz
8550217da15036818410c21f00b93062 16884 libs optional gnome-autoar_0.2.4-2ubuntu1_source.buildinfo
Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmAkO3oACgkQZWnYVadE
vpNQDg/+NFfRtBM1NZCKUzQL8zsHcE7l2/dM6C4rpnxy5i8pV0zicpDJxawKj3zu
2mX/9G+80C6cSKENMjOM5JhA5nOVzdGK8CPPIlIAhGbQx1neLbqyooulpB8zcneY
u+ya8BJYdXCfdrnBHiXPRCSoobUJh7Rv94hr8tvA9dDpAJ6BCCrKjf4sQ+IjKKs8
1awEeA5JuzESYoySfMWxaX503WvJWdx2A4SU7iMbwa4MSe3krCZI6qoomhVWDEew
R5oxas1NKntOYfsBMn9YTaIvasnZs/399fjM/cCUFrETdhcYOAl7FRbm/EiDYtrG
grn6MfEodY+kipaFoze8OPTp1PSdkfbEDxjWEObGqPp5TOHhAfXJMgt54W8QsWEL
Jl7U5kyttGhfZ4soRu78oJGXeONfMrfxvUAFiPcVIeyaxTykvWkYdAuoVhEZgH2S
ZeZpZxpY0em2YSDl9tt9fbYs8h5e52r6ZO5jn8MEJIvtSIyqf9q4vf92QYzki3+x
BJu0ltC/Yd5uZFV9Frpzgr8kWQZxFWiFYKXfYOmoSzQ2IHrBnI+pPNOqVi6SP5fM
05Dqg5zVYVyJRcsGlNSnJThKSrSn/JBWPo2OUm+HkBIW8AnekEoqJ4jOb68f83Hu
+kpIw9+dSC0+PyuK7tWiH6PQk88Mnd7/3HbFSDekr7AmsMMUjyQ=
=bGag
-----END PGP SIGNATURE-----
More information about the Hirsute-changes
mailing list