[ubuntu/utopic-security] patch 2.7.1-5ubuntu0.3 (Accepted)

Tyler Hicks tyhicks at canonical.com
Mon Jun 22 23:06:43 UTC 2015


patch (2.7.1-5ubuntu0.3) utopic-security; urgency=medium

  * SECURITY UPDATE: Denial of service via crafted patch
    - debian/patches/CVE-2014-9637.patch: Detect and exit upon memory
      allocation failures
    - CVE-2014-9637
  * SECURITY UPDATE: Directory traversal via crafted patch
    - debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point
      outside of the current directory
    - CVE-2015-1196
  * SECURITY UPDATE: Directory traversal via crafted patch
    - debian/patches/CVE-2015-1395.patch: Check the validity of both filenames
      during a rename or copy
    - CVE-2015-1395
  * SECURITY UPDATE: Directory traversal via crafted patch
    - debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point
      outside of the current directory. This patch corrects the incomplete fix
      for CVE-2015-1196.
    - CVE-2015-1396
  * debian/rules: Fix FTBFS caused by ed check. Based on Debian change
    suggested by Simon McVittie.
  * debian/control: Add automake1.11 as a build-depends since some of the
    patches adjust Makefile.am files

Date: 2015-06-22 19:50:17.687429+00:00
Changed-By: Tyler Hicks <tyhicks at canonical.com>
https://launchpad.net/ubuntu/+source/patch/2.7.1-5ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.


More information about the Utopic-changes mailing list