Accepted arj 3.10.22-9+deb6u1 (source i386) into squeeze-lts
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 08 Apr 2015 16:10:46 +0200
Source: arj
Binary: arj
Architecture: source i386
Version: 3.10.22-9+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
arj - archiver for .arj files
Closes: 774015 774434 774435
Changes:
arj (3.10.22-9+deb6u1) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Squeeze LTS Team
with patches from Guillem Jover
* Fix buffer overflow from size under user control.
This is causing free() on an invalid pointer.
Fixes: CVE-2015-2782 (Closes: #774015)
* Fix absolute path directory traversal.
Fixes: CVE-2015-0557 (Closes: #774435)
* Fix symlink directory traversal.
Fixes: CVE-2015-0556 (Closes: #774434)
Checksums-Sha1:
be93b4cbe462e534bc7c4ad48266eea5ab2b5e64 1955 arj_3.10.22-9+deb6u1.dsc
e8470f480e9eee14906e5485a8898e5c24738c8b 431467 arj_3.10.22.orig.tar.gz
266b86cd307f515f3b8142cc1bb00dd6389f8874 13165 arj_3.10.22-9+deb6u1.debian.tar.gz
ce3648060f9a343c93e9adc6256f5bd7f702a6e0 222492 arj_3.10.22-9+deb6u1_i386.deb
Checksums-Sha256:
cf5ac26f9e311582cee7823aab72ba3e2af153b0215fc18098475a18501c3f77 1955 arj_3.10.22-9+deb6u1.dsc
589e4c9bccc8669e7b6d8d6fcd64e01f6a2c21fe10aad56a83304ecc3b96a7db 431467 arj_3.10.22.orig.tar.gz
b45594be4cb9d0710197eb09db6aefc4109496ec021e21c52b6656d2f727e30f 13165 arj_3.10.22-9+deb6u1.debian.tar.gz
25112168cd1f3e54cd838f87488e86a3a38b5ac700a55896c1175560fb710fe9 222492 arj_3.10.22-9+deb6u1_i386.deb
Files:
bac9e6b24e15471d9d36c77fafb43e2b 1955 utils optional arj_3.10.22-9+deb6u1.dsc
f263bf3cf6d42a8b7e85b4fb514336d3 431467 utils optional arj_3.10.22.orig.tar.gz
1a9ff7b13dca415970c4aa999e8b4d79 13165 utils optional arj_3.10.22-9+deb6u1.debian.tar.gz
8abf2c1ba2a26f50d572f91ac3abe911 222492 utils optional arj_3.10.22-9+deb6u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJVJTvCXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHFeUP/3aHE9ZzYbbzvOZOK3/Tnccg
2wVa6w1mbKHpZ8gHPc/KICH/W4j4il1v/D2E7higv6WU82tK1HzUNocUaLEULbTH
7NRpilAotpzWvxGtAINFfuttW5ZZ1DFbSZ70wl0N4+KmaTRW6y+P1YkayAgYqVRM
or5CN3pYdIQ68YDETbp9QJnkkms4SnysshGWyNW0AWF4gXI7g1v0A8SmyLAm6HB2
DcNDKyy6jj0KuAwyZhOEoXw6H6GTwDHsr/FDeUo72fqm8MmGyHogi+zGyqx4wu87
Awv+fUON45WTp3UDTO4JkpJTY5EsZ/R5ow08Gl2ulJuVNcjPQgnsyKlryG7Qu18L
rLIg40QNTSR3z3B9wpUG59X3eOCV8wG70RVgFJBqnn4AEnOyUwC1O0/cYYjLuuk/
UTNwme3ve7v/sAf6NvPPhmEJO3Qj8JTgznDLqEAGYGn9K9nP3yXy1FQoM41waGmR
kikCwNluYTnK0QN55nWGvMQjjFMeQt5Nw+HGFBZ5rlneR7HgjtTJsznedsDO9Y4d
dD8Lvd4ynpKb5UX7aACRYAcyNmvXDUrVI0I8pltRWLYupVSzea9N5OeZN4dIAORa
VFypuV0vMc5pqQt0A+6Cr8pCIZopjOgjcs+VCC3pZWe60XvCdd+YQ9aUdL240qW3
KnoGLaGtpxF362NVn8k7
=/I3A
-----END PGP SIGNATURE-----