[ubuntu/groovy-proposed] whoopsie 0.2.71 (Accepted)

Brian Murray brian at ubuntu.com
Wed Aug 5 22:02:12 UTC 2020


whoopsie (0.2.71) groovy; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
    - lib/bson/*: updated to latest upstream release.
    - CVE-2020-12135
  * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
    - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
      GHashTable.
    - CVE-2020-11937
  * SECURITY UPDATE: DoS via large data length (LP: #1882180)
    - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
      the size of a report file.
    - CVE-2020-15570

Date: Wed, 05 Aug 2020 15:00:45 -0700
Changed-By: Brian Murray <brian at ubuntu.com>
Maintainer: Evan Dandrea <ev at ubuntu.com>
https://launchpad.net/ubuntu/+source/whoopsie/0.2.71
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Aug 2020 15:00:45 -0700
Source: whoopsie
Architecture: source
Version: 0.2.71
Distribution: groovy
Urgency: medium
Maintainer: Evan Dandrea <ev at ubuntu.com>
Changed-By: Brian Murray <brian at ubuntu.com>
Launchpad-Bugs-Fixed: 1872560 1881982 1882180
Changes:
 whoopsie (0.2.71) groovy; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: integer overflow in bson parsing (LP: #1872560)
     - lib/bson/*: updated to latest upstream release.
     - CVE-2020-12135
   * SECURITY UPDATE: resource exhaustion via memory leak (LP: #1881982)
     - src/whoopsie.c, src/tests/test_parse_report.c: properly handle
       GHashTable.
     - CVE-2020-11937
   * SECURITY UPDATE: DoS via large data length (LP: #1882180)
     - src/whoopsie.c, src/whoopsie.h, src/tests/test_parse_report.c: limit
       the size of a report file.
     - CVE-2020-15570
Checksums-Sha1:
 5f416fe8850c47a18a0381fdb8f7a59c176fe92d 1787 whoopsie_0.2.71.dsc
 aa1e087650c10e86393944798123281752584271 65148 whoopsie_0.2.71.tar.xz
 999f788a08c3c3888b722a49253ca35fa4d3f424 15639 whoopsie_0.2.71_source.buildinfo
Checksums-Sha256:
 bc1e3e3d1f08ff7a38f84771d362d36a9c01bfa5cfc0a6313b5bf82ac7c70456 1787 whoopsie_0.2.71.dsc
 14b46f5957e63109b5c0c08f049f3bebd2fe970fcda3f8ca5642e417cf589264 65148 whoopsie_0.2.71.tar.xz
 f1c115afd21b1638f19da24b4e6c075a04ed112d0198e35ea99c62c344d092f0 15639 whoopsie_0.2.71_source.buildinfo
Files:
 54d04c9269755716bb838b31ff13880e 1787 utils optional whoopsie_0.2.71.dsc
 4239855b4c0274909a6396e15889b566 65148 utils optional whoopsie_0.2.71.tar.xz
 e0aa633c5aa252444a2e3f28d2d8293b 15639 utils optional whoopsie_0.2.71_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfS610FljvwXMts5kHpGLZnZbPjEFAl8rLCgACgkQHpGLZnZb
PjE7fxAAjAQhiJDQqn3p5CLsrROEvmizTnUR2DpPzdpJS1sD6ygdwqefL5fB1OMu
G1hrs/5vPhhz1Kgif0FysfINg/+YTxnM6Coc/ulPCQ+SkfMwEsSdz1pyZKBUx16c
BVO+oMHjE9Ezy8TYXxVoit6E2uAWQEAIpelU5rCNJWZWAVahxGZzWsVgjzI6rooa
GiuTRswByGIbo+Yakwcjt4VgEl5yZN8Z6+gpAQ0cO8T1zQVx4DKDr5YLzEyWW66a
j5ZUaDhLXIYnS3DlHZkl78TfcootIbE1ZupOW2FYO1yJLYOJVZJG59Kgcq8cGYXF
0Jw3YRk4nQnqK00mUunfVS72VlLeiM4WpEe2wQW3aYbmcqJIV2NnNC5vhmsr3Yhk
rO2jSmZCihNjoUP+E/f3dk0ucOIdfkIVnpj2nbUo2S0NXAp8a+Ly8VGEnP+pcAYt
LI4ky9tBRPDFkAyR2JLBvUgh58UUdqxwDmPhFtEWjnjjCD0ifcC8wgW+ukHkYPz1
bYwo8suhwIw9qdLWhcN5nSJGq+l55atryxu80g/cfkcGOYpYzr0gdj/nL9xITRac
sjKdEpzQhQqNWBmLUnPkwMBqg0WrzZvkhEonaRxOx8VeAoDvNoUMlvMuoZTzqxff
5VB/3aPl4IDkeQkzO2hmZl8WyY+PXtASkgVLMGDD8rXv5yOC7qQ=
=IWL8
-----END PGP SIGNATURE-----


More information about the Groovy-changes mailing list