Accepted gzip 1.3.5-9ubuntu4 (source)

Martin Pitt martin.pitt at ubuntu.com
Tue May 3 09:40:02 CDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue,  3 May 2005 14:36:12 +0000
Source: gzip
Binary: gzip
Architecture: source
Version: 1.3.5-9ubuntu4
Distribution: breezy
Urgency: low
Maintainer: Bdale Garbee <bdale at gag.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 gzip       - The GNU compression utility
Changes: 
 gzip (1.3.5-9ubuntu4) breezy; urgency=low
 .
   * SECURITY UPDATE: Fix several vulnerabilities.
   * gzip.c:
     - Ignore path in original file name stored in gzip archive when
       uncompressing with -N; this prohibits creating files in arbitrary
       directories that are writeable by the user.
     - Thanks to Ulf Harnhammar for spotting this and the patch.
     - References:
       CAN-2005-1228
       http://bugs.debian.org/305255
   * gzip.c:
     - copy_stat(): Use fchmod() and fchown() instead of chmod() and chown() to
       ensure that the permissions are applied to the file created by gzip.
       This avoids a race when an attacker removes the target file and replaces
       it with a hard link during compression.
     - treat_file(): Call copy_stat() before closing the output file, not
       after.
     - References:
       CAN-2005-0988
Files: 
 1cd206afb4d134b9b541adf2a703597a 566 base required gzip_1.3.5-9ubuntu4.dsc
 8450a840e0285592ab1840303cab892c 58960 base required gzip_1.3.5-9ubuntu4.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCd4xwDecnbV4Fd/IRAsA4AJwLwJ2wip1Gk2MLvfGn7cz9KZCZZQCfXWA+
pOFnLyBn180W50UCQrskCoE=
=Zgfi
-----END PGP SIGNATURE-----


Accepted:
gzip_1.3.5-9ubuntu4.diff.gz
  to pool/main/g/gzip/gzip_1.3.5-9ubuntu4.diff.gz
gzip_1.3.5-9ubuntu4.dsc
  to pool/main/g/gzip/gzip_1.3.5-9ubuntu4.dsc
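
The `-N` change in the changelog above (CAN-2005-1228), as an added example that is not gzip's code and not the patch from this upload: it reads the original file name from a gzip header (FNAME field, RFC 1952) and keeps only the final path component. The function name `stored_name`, the sample header, the POSIX-only `/` separator and the rejection of `.` and `..` are assumptions of this example.

```c
/* Added example: use only the base name of the FNAME field (RFC 1952). */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define FEXTRA 0x04   /* FLG bit: extra field present */
#define FNAME  0x08   /* FLG bit: original file name present */

/* Constructed sample: gzip header whose stored name carries a path. */
static const unsigned char sample_hdr[] = {
    0x1f, 0x8b, 8, FNAME, 0, 0, 0, 0, 0, 3,
    '/','v','a','r','/','t','m','p','/','r','e','p','o','r','t','.','t','x','t', 0
};

/* Copy the stored original name, minus any directory part, into out.
 * Returns 0 on success, -1 if the header is malformed, has no FNAME field,
 * or the remaining name is unusable ("", "." or ".."). */
int stored_name(const unsigned char *h, size_t len, char *out, size_t outsz)
{
    size_t pos = 10;                        /* fixed part of the header */
    if (len < pos || h[0] != 0x1f || h[1] != 0x8b || h[2] != 8) return -1;
    if (!(h[3] & FNAME)) return -1;
    if (h[3] & FEXTRA) {                    /* skip XLEN and the extra field */
        if (len - pos < 2) return -1;
        size_t xlen = h[pos] | ((size_t)h[pos + 1] << 8);
        pos += 2;
        if (len - pos < xlen) return -1;
        pos += xlen;
    }
    const unsigned char *end = memchr(h + pos, 0, len - pos);
    if (end == NULL) return -1;             /* name is not NUL-terminated */
    const char *name = (const char *)h + pos;
    const char *slash = strrchr(name, '/');
    const char *base = slash ? slash + 1 : name;    /* ignore the path */
    if (!*base || !strcmp(base, ".") || !strcmp(base, "..")) return -1;
    if (strlen(base) >= outsz) return -1;
    strcpy(out, base);
    return 0;
}

int main(void)
{
    char name[256];
    if (stored_name(sample_hdr, sizeof sample_hdr, name, sizeof name) == 0)
        printf("output file: %s\n", name);  /* created in the current directory */
    return 0;
}
```

A caller that gets -1 back would fall back to deriving the output name from the archive's own file name, as it does without `-N`.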



