Accepted capi4hylafax 1:01.03.00.99.svn.300-3 (source)
Ubuntu Installer
archive at ubuntu.com
Fri Sep 8 18:06:53 BST 2006
Accepted:
OK: capi4hylafax_01.03.00.99.svn.300-3.dsc
-> Component: universe Section: comm
OK: capi4hylafax_01.03.00.99.svn.300.orig.tar.gz
OK: capi4hylafax_01.03.00.99.svn.300-3.diff.gz
Origin: Debian/unstable
Format: 1.7
Date: Fri, 08 Sep 2006 17:59:11 +0100
Source: capi4hylafax
Binary: capi4hylafax
Architecture: source
Version: 1:01.03.00.99.svn.300-3
Distribution: edgy
Urgency: high
Maintainer: Lionel Elie Mamane <lmamane at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
capi4hylafax - Faxing over CAPI 2.0 device
Closes: 382474
Changes:
capi4hylafax (1:01.03.00.99.svn.300-3) unstable; urgency=high
.
* Sigh. 1:01.03.00.99.svn.300-2 was still subtly broken: An invalid TSI
string crashes the c2faxrecv daemon. Hopefully fixed now.
* Also fix CVE-2006-3126 in mgetty mode.
.
capi4hylafax (1:01.03.00.99.svn.300-2) unstable; urgency=low
.
* Fix bug #382474 in a way that doesn't break the whole program's
functionality.
.
capi4hylafax (1:01.03.00.99.svn.300-1) unstable; urgency=low
.
* New upstream release:
- Fix for #358567 taken upstream
- Fix for long (> 200 chars) lines in config files
- Higher debugging level
* Bumped up Standards-Version
.
capi4hylafax (1:01.03.00.99.svn.297-4) UNRELEASED; urgency=high
.
* Don't let null characters from cidnumber prematurely terminate C
string preparing command line for faxrcvd in c2faxrecv
(closes: #382474). This is CVE-2006-3126.
Also remove shell metacharacters while I'm at it. This probably fixes
a security vulnerability (arbitrary remote command execution under
uucp identity): the said command line contains untrusted
sender-controlled data, the sender's identification (the TSI
string). (The ITU T.30 specification restricts this string to a prefix
'+' and digits only, but rumour has it an attacker can transmit
arbitrary ASCII data, including null characters.)
Files:
4c57b84a5805b8011f888bb1d5e430b1 708 comm extra capi4hylafax_01.03.00.99.svn.300-3.dsc
af2610c5219e89ef9dc47eead30276b4 533410 comm extra capi4hylafax_01.03.00.99.svn.300.orig.tar.gz
641d17f1c4bb681ba526cff44cd18b6e 155360 comm extra capi4hylafax_01.03.00.99.svn.300-3.diff.gz