Source: unadf
Version: 0.7.11a-3
Severity: important
Tags: security patch

Hi,

Tuomas Räsänen discovered the following vulnerabilities for unadf.

CVE-2016-1243[0]: stack buffer overflow caused by blindly trusting on pathname lengths of archived files.

CVE-2016-1244[1]: execution of unsanitized input

The patch is available here:
http://tmp.tjjr.fi/0001-Fix-unsafe-extraction-by-using-mkdir-instead-of-shel.patch

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1243
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1243
[1] https://security-tracker.debian.org/tracker/CVE-2016-1244
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1244
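Added example, not part of the original report and not unadf's code or the linked patch: a C sketch of the two defensive points the report names, rejecting archived pathnames that do not fit the destination buffer and creating directories with mkdir(2) (the call the patch's file name points to) so that no shell ever parses an archived name. The function names, PATH_BUF, the /tmp output directory and the sample entry name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#define PATH_BUF 256 /* assumed buffer size for this example */

/* Join the output directory and an archived name. A name that does not
   fit is rejected rather than truncated or copied past the buffer. */
int build_path(char *out, size_t outsz, const char *dest, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", dest, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Create each component of path with mkdir(2). No shell parses the
   name, so ; ` $ and spaces are only bytes in a directory name. */
int make_dirs(const char *path)
{
    char buf[PATH_BUF];
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof buf)
        return -1;
    memcpy(buf, path, len + 1);
    for (char *p = buf + 1;; p++) {
        if (*p != '/' && *p != '\0')
            continue;
        char saved = *p;
        *p = '\0'; /* temporarily end the string at this component */
        if (mkdir(buf, 0755) != 0 && errno != EEXIST)
            return -1;
        if (saved == '\0')
            return 0;
        *p = saved;
    }
}

/* Hypothetical entry point: create the directory for one archive entry. */
int extract_dir(const char *dest, const char *name)
{
    char path[PATH_BUF];
    if (build_path(path, sizeof path, dest, name) != 0)
        return -1;
    return make_dirs(path);
}

int main(void)
{
    /* Constructed entry name containing shell metacharacters. */
    return extract_dir("/tmp/unadf_example", "dir;touch pwned/sub") == 0 ? 0 : 1;
}
```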