[ubuntu/utopic-updates] patch 2.7.1-5ubuntu0.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Jun 22 23:28:08 UTC 2015
patch (2.7.1-5ubuntu0.3) utopic-security; urgency=medium
* SECURITY UPDATE: Denial of service via crafted patch
- debian/patches/CVE-2014-9637.patch: Detect and exit upon memory
allocation failures
- CVE-2014-9637
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point
outside of the current directory
- CVE-2015-1196
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1395.patch: Check the validity of both filenames
during a rename or copy
- CVE-2015-1395
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point
outside of the current directory. This patch corrects the incomplete fix
for CVE-2015-1196.
- CVE-2015-1396
* debian/rules: Fix FTBFS caused by ed check. Based on Debian change
suggested by Simon McVittie.
* debian/control: Add automake1.11 as a build-depends since some of the
patches adjust Makefile.am files
Date: 2015-06-22 19:50:17.687429+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/patch/2.7.1-5ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Utopic-changes
mailing list