[ubuntu/lucid-security] logrotate 3.7.8-4ubuntu2.2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Jul 21 16:03:44 UTC 2011 

logrotate (3.7.8-4ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via shell metacharacters in
    log filename
    - debian/patches/CVE-2011-1154.patch: improve shred logic in
      logrotate.c.
    - CVE-2011-1154
  * SECURITY UPDATE: denial of service via invalid characters in log
    filename
    - debian/patches/CVE-2011-1155.patch: properly escape filenames in
      logrotate.c.
    - CVE-2011-1155

Date: Fri, 17 Jun 2011 13:50:33 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/logrotate/3.7.8-4ubuntu2.2
-------------- next part --------------
Format: 1.8
Date: Fri, 17 Jun 2011 13:50:33 -0400
Source: logrotate
Binary: logrotate
Architecture: source
Version: 3.7.8-4ubuntu2.2
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 logrotate  - Log rotation utility
Changes: 
 logrotate (3.7.8-4ubuntu2.2) lucid-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via shell metacharacters in
     log filename
     - debian/patches/CVE-2011-1154.patch: improve shred logic in
       logrotate.c.
     - CVE-2011-1154
   * SECURITY UPDATE: denial of service via invalid characters in log
     filename
     - debian/patches/CVE-2011-1155.patch: properly escape filenames in
       logrotate.c.
     - CVE-2011-1155
Checksums-Sha1: 
 9864459f0b86eb8de76d3c57bca365ebcd0e783b 1788 logrotate_3.7.8-4ubuntu2.2.dsc
 d707e0bc5df9b267486e3d691577f8b687717c85 22545 logrotate_3.7.8-4ubuntu2.2.diff.gz
Checksums-Sha256: 
 ec1da46c20e2786cfd520b11e45d45544d09e892a08d183fa90c5ab4af8d66dd 1788 logrotate_3.7.8-4ubuntu2.2.dsc
 e83242ee1767c7f643522bdb0884d284d68fa53909c616f458ea90e9735b1446 22545 logrotate_3.7.8-4ubuntu2.2.diff.gz
Files: 
 3cf389fe713d6e5f0b828f938c334ac6 1788 admin important logrotate_3.7.8-4ubuntu2.2.dsc
 1ef7d90c180f3955891a32d39397a3fe 22545 admin important logrotate_3.7.8-4ubuntu2.2.diff.gz
Original-Maintainer: Paul Martin <pm at debian.org>

More information about the Lucid-changes mailing list