Accepted bchunk 1.2.0-12+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 09 Nov 2017 14:28:06 +0100
Source: bchunk
Binary: bchunk
Architecture: source amd64
Version: 1.2.0-12+deb9u1
Distribution: stable
Urgency: high
Maintainer: Praveen Arimbrathodiyil <pravi.a@gmail.com>
Changed-By: Sebastien Delafond <seb@debian.org>
Description:
bchunk - CD image format conversion from bin/cue to iso/cdr
Closes: 880116
Changes:
bchunk (1.2.0-12+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload.
* Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955.
bchunk was vulnerable to a heap-based buffer overflow with an resultant
invalid free when processing a malformed CUE (.cue) file that may lead to
the execution of arbitrary code or a application crash. (Closes: #880116)
Checksums-Sha1:
5a0b53bf7c121efb91f55d36e7b2d1b10075bb3d 1496 bchunk_1.2.0-12+deb9u1.dsc
322cab011f66776fd1fdf3f60a397049ce73a39d 5500 bchunk_1.2.0-12+deb9u1.debian.tar.xz
fd3fc0ed55adf46cf0e8c57a70ed308d21f810e2 5258 bchunk_1.2.0-12+deb9u1_amd64.buildinfo
11e26b9b2abb5968e89c81d2ab94916ba234b78e 14022 bchunk_1.2.0-12+deb9u1_amd64.deb
Checksums-Sha256:
78b75e48f91022c25eb1e1a7d387a8c8f8d60e206370f9321d24d754844cbe5d 1496 bchunk_1.2.0-12+deb9u1.dsc
94a8ac8f5a69fcec6536760378ae90a075a154b9f996692fc31f5ec0ee71918c 5500 bchunk_1.2.0-12+deb9u1.debian.tar.xz
bfa870678c3c27fcc624f9f3512557c9122788fa00d962505887ae3291cab27c 5258 bchunk_1.2.0-12+deb9u1_amd64.buildinfo
2717d40a003557f23bacf1d229c13928f9d98c02ab95a69405d874b07c5d53ea 14022 bchunk_1.2.0-12+deb9u1_amd64.deb
Files:
fb141ef6678f5a0763c1f40efce302ce 1496 otherosfs optional bchunk_1.2.0-12+deb9u1.dsc
0665a5e9d71e12ae0b616293717466f7 5500 otherosfs optional bchunk_1.2.0-12+deb9u1.debian.tar.xz
bad598309a8f20c2302e8bfa8579727c 5258 otherosfs optional bchunk_1.2.0-12+deb9u1_amd64.buildinfo
ee002669531f301d0eebe7844a345754 14022 otherosfs optional bchunk_1.2.0-12+deb9u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAloEcuEACgkQEL6Jg/PV
nWRN3QgAj19DjG4zinyAj1QUXoPvr8GlyTzSebzSrnsxU30XN6pSpi8pJtTPlIsg
/WI2t3UcmSzSnwW7KMnoWDezyLemj16q7m6xbfp1XaD6g1Q3Ds3M25PsMnJinjL7
8DWvv3rcCTCUF+cr9T8Fh5cd+ztm4cOD1O4JHQpYIKrTcL2FpgjJSF5VL9IrtNrC
NAxvT3lgKl3N2dkH9bodvr9GYbsGfXiz1AhEE83yNeKiHJtgDtO9gYVspaoDv/ZF
c1uENW1f9HNEKyEarhhFqtNJ4AVbDQ0O+gGAeLfmTAFoooPdzO7xJGZXuwn+HHiX
nz96v+fYCE1c9tO+Oz3OQBUtE44YUw==
=2EFv
-----END PGP SIGNATURE-----