[ubuntu/xenial-updates] rsync 3.1.1-3ubuntu1.3 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Feb 24 22:58:09 UTC 2020
rsync (3.1.1-3ubuntu1.3) xenial-security; urgency=medium
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
in inftrees.c.
- CVE-2016-9840
* SECURITY UPDATE: improper pointer arithmetic might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9841.patch: use post-increment only in inffast.c.
- CVE-2016-9841
* SECURITY UPDATE: vectors involving left shifts of negative integers might
allow context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9842_1.patch: avoid shifts of negative values in
inflateMark().
- debian/patches/CVE-2016-9842_2.patch: avoid casting an out-of-range
value to long.
- CVE-2016-9842
* SECURITY UPDATE: vectors involving big-endian CRC calculation might allow
context-dependent attackers to have unspecified impact
- debian/patches/CVE-2016-9843.patch: avoid pre-decrement of pointer in
big-endian CRC calculation.
- CVE-2016-9843
Date: 2020-02-20 17:36:25.518761+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/rsync/3.1.1-3ubuntu1.3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list