[ubuntu/jammy-proposed] gzip 1.10-4ubuntu4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Fri Apr 8 19:20:52 UTC 2022
gzip (1.10-4ubuntu4) jammy; urgency=medium

  * SECURITY UPDATE: arbitrary file override with crafted file names
    - debian/patches/CVE-2022-1271-1.patch: avoid exploit via multi-newline
      file names in zgrep.in.
    - debian/patches/CVE-2022-1271-2.patch: add test in tests/Makefile.am,
      tests/zgrep-abuse.
    - debian/patches/CVE-2022-1271-3.patch: port to POSIX sed in zgrep.in.
    - debian/patches/CVE-2022-1271-4.patch: optimize out a grep in
      gzexe.in.
    - debian/patches/CVE-2022-1271-5.patch: use C locale more often in
      gzexe.in, sample/zfile, zdiff.in, zgrep.in, znew.in.
    - debian/patches/CVE-2022-1271-6.patch: fix "binary file matches"
      mislabeling in tests/Makefile.am, tests/zgrep-binary, zgrep.in.
    - debian/rules: fix permissions on new test scripts.
    - CVE-2022-1271
Date: Fri, 08 Apr 2022 06:53:06 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/gzip/1.10-4ubuntu4
-------------- next part --------------
Format: 1.8
Date: Fri, 08 Apr 2022 06:53:06 -0400
Source: gzip
Built-For-Profiles: noudeb
Architecture: source
Version: 1.10-4ubuntu4
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Milan Kupcevic <milan at debian.org>