[Bug 433065] [NEW] Please sync changetrack 4.5-2 (universe) from Debian unstable (main).

Sat Sep 19 13:59:41 UTC 2009

Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/changetrack
 status new
 importance wishlist
 subscribe ubuntu-universe-sponsors

Please sync changetrack 4.5-2 (universe) from Debian unstable (main).

Please sync the package from debian as it fixes a potential CVE bug.

Changelog since current karmic version 4.5-1:

changetrack (4.5-2) unstable; urgency=low

  * [reject-weird-filenames.diff] Fix possible local exploit by rejecting
    filenames with unsafe characters (cf. CVE-2009-3233).  Thanks to Marek
    Grzybowski and Andrzej Lemieszek.
    (Closes: #546791)

 -- Jens Peter Secher <jps at debian.org>  Thu, 17 Sep 2009 22:32:43 +0200

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFKtOPLL+KnYRaooWIRAqZ2AJ43IgtvJSdNCYJ9q8S1+WaDZSwDAACeOvDm
783aMwBIxn9SZ+2LyIGfwZg=
=FizW
-----END PGP SIGNATURE-----

** Affects: changetrack (Ubuntu)
     Importance: Wishlist
         Status: New

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-3233

-- 
Please sync changetrack 4.5-2 (universe) from Debian unstable (main).
https://bugs.launchpad.net/bugs/433065
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs