Accepted:
OK: gzip_1.3.5-14ubuntu1.dsc
-> Component: main Section: base
OK: gzip_1.3.5-14ubuntu1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 14 Sep 2006 13:45:18 +0200
Source: gzip
Binary: gzip
Architecture: source
Version: 1.3.5-14ubuntu1
Distribution: edgy
Urgency: low
Maintainer: Bdale Garbee <[EMAIL PROTECTED]>
Changed-By: Martin Pitt <[EMAIL PROTECTED]>
Description:
gzip - The GNU compression utility
Changes:
gzip (1.3.5-14ubuntu1) edgy; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution or DoS with specially crafted
gzipped/compress'ed files. Tavis Ormandy did a comprehensive security
review, applied his patch to fix the following issues:
* NULL Dereference [CVE-2006-4334].
* Buffer overflows in LZH uncompressor's make_table() [CVE-2006-4335,
CVE-2006-4337].
* Buffer underflow in gzip unpacker's build_tree() [CVE-2006-4336].
* Infinite loop in LZH uncompressor [CVE-2006-4338].
Files:
e71102fcea2d6613838b9a09d90464e0 594 utils required gzip_1.3.5-14ubuntu1.dsc
9b6f471a443c276beb33e8a22a10da25 60497 utils required
gzip_1.3.5-14ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFCUVIDecnbV4Fd/IRAlLjAJ4y0RvIYEV6hrJzO1ipVqcCWufXNgCdEIIS
ifjDqWeNrmklbuJdQhiLzDk=
=DYSh
-----END PGP SIGNATURE-----
application finalize called
--
edgy-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/edgy-changes
