[ubuntu/impish-proposed] squashfs-tools 1:4.4-2ubuntu2 (Accepted)
Alex Murray
alex.murray at canonical.com
Tue Sep 14 06:33:13 UTC 2021
squashfs-tools (1:4.4-2ubuntu2) impish; urgency=medium
* SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
- debian/patches/0004-CVE-2021-41072-1.patch: Use
unsquashfs_closedir() when deleting directories in unsquash-N.c
- debian/patches/0005-CVE-2021-41072-2.patch: Dynamically allocate
structure names in unsquash-N.c
- debian/patches/0006-CVE-2021-41072-3.patch: Store directory names in
a linked list to allow sorting in unsquash-N.c
- debian/patches/0007-CVE-2021-41072-4.patch: Sort directory entries in
squashfs images and treat duplicate directory entries with the same
name as invalid in unsquash-N.c
- debian/patches/0008-CVE-2021-41072-5.patch: Fixup Makefile entry for
unsquash-12.o
- CVE-2021-41072
Date: Tue, 14 Sep 2021 14:58:03 +0930
Changed-By: Alex Murray <alex.murray at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/squashfs-tools/1:4.4-2ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 14 Sep 2021 14:58:03 +0930
Source: squashfs-tools
Built-For-Profiles: noudeb
Architecture: source
Version: 1:4.4-2ubuntu2
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Alex Murray <alex.murray at canonical.com>
Changes:
squashfs-tools (1:4.4-2ubuntu2) impish; urgency=medium
.
* SECURITY UPDATE: Directory traversal via symlinks in unsquashfs
- debian/patches/0004-CVE-2021-41072-1.patch: Use
unsquashfs_closedir() when deleting directories in unsquash-N.c
- debian/patches/0005-CVE-2021-41072-2.patch: Dynamically allocate
structure names in unsquash-N.c
- debian/patches/0006-CVE-2021-41072-3.patch: Store directory names in
a linked list to allow sorting in unsquash-N.c
- debian/patches/0007-CVE-2021-41072-4.patch: Sort directory entries in
squashfs images and treat duplicate directory entries with the same
name as invalid in unsquash-N.c
- debian/patches/0008-CVE-2021-41072-5.patch: Fixup Makefile entry for
unsquash-12.o
- CVE-2021-41072
Checksums-Sha1:
1fd7691f6f07864fca4557243548b86beb099de1 1684 squashfs-tools_4.4-2ubuntu2.dsc
afdf6d8af1a696fd66fa34836f12a204f2688172 17824 squashfs-tools_4.4-2ubuntu2.debian.tar.xz
557c48ed535f3c9b95ca418b764c1f645a03901f 6222 squashfs-tools_4.4-2ubuntu2_source.buildinfo
Checksums-Sha256:
2c646910d3694a4ac33e727733d661c1e4471516ec774a81ebcc11a8c788a2a9 1684 squashfs-tools_4.4-2ubuntu2.dsc
ddec8c68c51b626a013f0190f44b8173a43d1ca514d4f625d4850c54790ad5f2 17824 squashfs-tools_4.4-2ubuntu2.debian.tar.xz
4e9f448a576bdf465ff85300122163d68686b8824ddff259332bff9ff0e03011 6222 squashfs-tools_4.4-2ubuntu2_source.buildinfo
Files:
4611c13e520e1456f4b388370234aea8 1684 kernel optional squashfs-tools_4.4-2ubuntu2.dsc
0708da551d2d7054092fdaa16838fca2 17824 kernel optional squashfs-tools_4.4-2ubuntu2.debian.tar.xz
47020e8ce11d3385f802e9b1954f1c35 6222 kernel optional squashfs-tools_4.4-2ubuntu2_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>
More information about the impish-changes
mailing list