[ubuntu/impish-proposed] squashfs-tools 1:4.4-2ubuntu1 (Accepted)
Alex Murray
alex.murray at canonical.com
Mon Aug 30 03:00:12 UTC 2021
squashfs-tools (1:4.4-2ubuntu1) impish; urgency=medium
* SECURITY UPDATE: Directory traversal via relative paths in unsquashfs
(LP: #1941790)
- debian/patches/0003-CVE-2021-40153.patch:
Treat squashfs images which contain files with names containing
constructs like ../ as corrupted in unsquash-N.c
- CVE-2021-40153
Date: Fri, 27 Aug 2021 14:29:02 +0930
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squashfs-tools/1:4.4-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 27 Aug 2021 14:29:02 +0930
Source: squashfs-tools
Built-For-Profiles: noudeb
Architecture: source
Version: 1:4.4-2ubuntu1
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Alex Murray <alex.murray at canonical.com>
Launchpad-Bugs-Fixed: 1941790
Changes:
squashfs-tools (1:4.4-2ubuntu1) impish; urgency=medium
.
* SECURITY UPDATE: Directory traversal via relative paths in unsquashfs
(LP: #1941790)
- debian/patches/0003-CVE-2021-40153.patch:
Treat squashfs images which contain files with names containing
constructs like ../ as corrupted in unsquash-N.c
- CVE-2021-40153
Checksums-Sha1:
ed899d397f61aba0e5ee654986c8a3b51a879860 1684 squashfs-tools_4.4-2ubuntu1.dsc
48366a69750222186bfc054de7694e0fa2c6e6f0 14284 squashfs-tools_4.4-2ubuntu1.debian.tar.xz
eb9773674fc832eaed4f85a4810f3094f1311b2b 6224 squashfs-tools_4.4-2ubuntu1_source.buildinfo
Checksums-Sha256:
86a3cb3f218d61f320c3f573899c528a7a148b3490ef45bd8958e2f7d448c4f9 1684 squashfs-tools_4.4-2ubuntu1.dsc
de5b474da9c46a8c2cb3bcc37a257cf985d90921834fd7dd29a94d653521d133 14284 squashfs-tools_4.4-2ubuntu1.debian.tar.xz
cd247af5500dbfb7431b2e386f3a0adacc8cf0064c605885a3287d9bcde37c5b 6224 squashfs-tools_4.4-2ubuntu1_source.buildinfo
Files:
27eeb7f4d4b142db0ede1d028a9c76e7 1684 kernel optional squashfs-tools_4.4-2ubuntu1.dsc
1ba562ce6415a1cb9065b745c4547d81 14284 kernel optional squashfs-tools_4.4-2ubuntu1.debian.tar.xz
716c49afe8bc36312f0383501a3692ef 6224 kernel optional squashfs-tools_4.4-2ubuntu1_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>
More information about the impish-changes
mailing list