[ubuntu/yakkety-proposed] unadf 0.7.11a-3+deb7u1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Fri Sep 23 15:13:05 UTC 2016


unadf (0.7.11a-3+deb7u1) wheezy-security; urgency=high

  * CVE-2016-1243: Fix stack buffer overflow caused by blindly trusting
    pathname lengths of archived files. Stack allocated buffer sysbuf was
    filled with sprintf() without any bounds checking in extracTree() function.
    (Closes: #838248)

  * CVE-2016-1244: Correct execution of unsanitized input. Shell command used
    for creating directory paths was constructed by concatenating names of
    archived files to the end of the command string. (Closes: #838248)

Date: Wed, 21 Sep 2016 03:27:21 +0100
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Debian QA Group <packages at qa.debian.org>
Origin: debian/wheezy-security
https://launchpad.net/ubuntu/+source/unadf/0.7.11a-3+deb7u1
-------------- next part --------------
Format: 1.8
Date: Wed, 21 Sep 2016 03:27:21 +0100
Source: unadf
Binary: unadf
Architecture: source
Version: 0.7.11a-3+deb7u1
Distribution: yakkety-proposed
Urgency: high
Maintainer: Debian QA Group <packages at qa.debian.org>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
 unadf      - Extract files from an Amiga Disk File dump (.adf)
Closes: 838248
Changes:
 unadf (0.7.11a-3+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2016-1243: Fix stack buffer overflow caused by blindly trusting
     pathname lengths of archived files. Stack allocated buffer sysbuf was
     filled with sprintf() without any bounds checking in extracTree() function.
     (Closes: #838248)
 .
   * CVE-2016-1244: Correct execution of unsanitized input. Shell command used
     for creating directory paths was constructed by concatenating names of
     archived files to the end of the command string. (Closes: #838248)
Origin: debian/wheezy-security
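
The two fixes named in the changelog above, sketched in C as an added example (not the unadf patch and not code from this upload): a length-checked replacement for the unbounded sprintf() into sysbuf, and directory creation through mkdir(2) instead of a shell command string. The names join_path, make_dirs and SYSBUF_SIZE, the buffer size, and the sample file names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define SYSBUF_SIZE 200 /* assumed size; the page does not give the real one */

/* Bounded replacement for sprintf(sysbuf, ...): join dir and an archive-supplied
 * name. Returns 0, or -1 (with out emptied) if the result would be truncated. */
int join_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0) out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Create each component of path with mkdir(2); the name never reaches a shell,
 * so characters such as ';' or '$' are just bytes in a directory name. */
int make_dirs(const char *path)
{
    char buf[SYSBUF_SIZE];
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof buf) return -1;
    memcpy(buf, path, len + 1);
    for (char *p = buf + 1; ; p++) {
        if (*p != '/' && *p != '\0') continue;
        char saved = *p;
        *p = '\0';                       /* terminate at this component */
        if (mkdir(buf, 0755) != 0 && errno != EEXIST) return -1;
        *p = saved;
        if (saved == '\0') return 0;     /* last component created */
    }
}

int main(void)
{
    char sysbuf[SYSBUF_SIZE], longname[2 * SYSBUF_SIZE];
    memset(longname, 'A', sizeof longname - 1);       /* constructed oversized name */
    longname[sizeof longname - 1] = '\0';
    printf("oversized name: %d\n", join_path(sysbuf, sizeof sysbuf, "out", longname));
    if (join_path(sysbuf, sizeof sysbuf, "/tmp/unadf_demo", "Disk;1/sub dir") == 0)
        printf("%s: %d\n", sysbuf, make_dirs(sysbuf)); /* constructed name */
    return 0;
}
```

An oversized name is rejected before anything is written past the buffer, and a name containing shell metacharacters ends up as a literal directory name.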
