[ubuntu/trusty-security] patch 2.7.1-4ubuntu2.3 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Mon Jun 22 23:06:44 UTC 2015
patch (2.7.1-4ubuntu2.3) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service via crafted patch
- debian/patches/CVE-2014-9637.patch: Detect and exit upon memory
allocation failures
- CVE-2014-9637
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point
outside of the current directory
- CVE-2015-1196
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1395.patch: Check the validity of both filenames
during a rename or copy
- CVE-2015-1395
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point
outside of the current directory. This patch corrects the incomplete fix
for CVE-2015-1196.
- CVE-2015-1396
* debian/control: Add automake1.11 as a build-depends since some of the
patches adjust Makefile.am files
Date: 2015-06-22 19:50:12.858393+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/patch/2.7.1-4ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list