apt (1.2.32ubuntu0.1) xenial-security; urgency=high
* SECURITY UPDATE: Out of bounds read in ar, tar implementations (LP:
#1878177)
- apt-pkg/contrib/arfile.cc: Fix out-of-bounds read in member name
- apt-pkg/contrib/arfile.cc: Fix out-of-bounds read on unterminated
member names
libexif (0.6.21-2ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-20030.patch: improve deep recursion detection
in exif_data_load_data_content in libexif/exif-data.c.
- CVE-2018-20030
* SECURITY UPDATE: Dividing by zero
python-pip (8.1.1-2ubuntu0.5) xenial; urgency=medium
* d/patches/requires-python.patch: Add support for Requires-Python,
backported from 9.0.0. virtualenv is installing setuptools 45.0.0 into
Python 2.7 virtualenvs, which leaves broken virtualenvs.
As libraries drop Python 2.7
squid3 (3.5.12-1ubuntu7.11) xenial-security; urgency=medium
* SECURITY UPDATE: multiple ESI issues
- debian/patches/CVE-2019-12519_12521.patch: convert parse exceptions
into 500 status response in src/esi/Context.h, src/esi/Esi.cc,
src/esi/Esi.h, src/esi/Expression.cc.
-
file (1:5.25-2ubuntu1.4) xenial-security; urgency=medium
* SECURITY REGRESSION: truncated interpreter name (LP: #1835596)
- debian/patches/CVE-2019-8905_8907.patch: updated to use correct
length in src/readelf.c.
Date: 2020-05-12 14:05:47.208615+00:00
Changed-By: Marc Deslauriers