[Bug 1617155] [NEW] Sync cracklib2 2.9.2-3 (main) from Debian unstable (main)

Jeremy Bicha jbicha at linux.com
Fri Aug 26 05:02:06 UTC 2016


*** This bug is a security vulnerability ***

Public security bug reported:

Please sync cracklib2 2.9.2-3 (main) from Debian unstable (main)

Changelog entries since current yakkety version 2.9.2-1build2:

cracklib2 (2.9.2-3) unstable; urgency=medium

  * Fix "Buffer overflow processing long words" by applying patch from
    https://build.opensuse.org/package/view_file/Base:System/cracklib/
    0004-overflow-processing-long-words.patch (Closes: #835386)
  * remove obsolete debian/pycompat
  * change Vcs-* fields to https variants
  * Bump Standards-Version to 3.9.8 (no changes)
  * Fix "FTCBFS: invokes host-arch executable cracklib-packer" by applying
    Helmut Grohne's patch to fix cross compilation (Closes: #792860)

 -- Jan Dittberner <jandd at debian.org>  Thu, 25 Aug 2016 17:29:17 +0200

cracklib2 (2.9.2-2) unstable; urgency=medium

  * Fix "CVE-2016-6318: Stack-based buffer overflow when parsing large
    GECOS field" by applying patch by Salvatore Bonaccorso (Closes: #834502)

 -- Jan Dittberner <jandd at debian.org>  Tue, 23 Aug 2016 18:50:44 +0200

** Affects: cracklib2 (Ubuntu)
     Importance: Wishlist
         Status: New

** Affects: cracklib2 (Debian)
     Importance: Unknown
         Status: Unknown

** Changed in: cracklib2 (Ubuntu)
   Importance: Undecided => Wishlist

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6318

** Bug watch added: Debian Bug tracker #834502
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834502

** Also affects: cracklib2 (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834502
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1617155

Title:
  Sync cracklib2 2.9.2-3 (main) from Debian unstable (main)

Status in cracklib2 package in Ubuntu:
  New
Status in cracklib2 package in Debian:
  Unknown
