Accepted unadf 0.7.11a-3+deb7u1 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 21 Sep 2016 03:27:21 +0100
Source: unadf
Binary: unadf
Architecture: source amd64
Version: 0.7.11a-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
unadf - Extract files from an Amiga Disk File dump (.adf)
Closes: 838248
Changes:
unadf (0.7.11a-3+deb7u1) wheezy-security; urgency=high
.
* CVE-2016-1243: Fix stack buffer overflow caused by blindly trusting on
pathname lengths of archived files. Stack allocated buffer sysbuf was
filled with sprintf() without any bounds checking in extracTree() function.
(Closes: #838248)
.
* CVE-2016-1244: Correct execution of unsanitized input. Shell command used
for creating directory paths was constructed by oncatenating names of
archived files to the end of the command string. (Closes: #838248)
Checksums-Sha1:
615aee980f21ef85ed80098407ab76a0a8036a85 1700 unadf_0.7.11a-3+deb7u1.dsc
63c05f97302ff67f5d7ff2d9e33f9a66196f9578 209458 unadf_0.7.11a.orig.tar.gz
040ce52a550612474ac0d8e3af5169429e6b48ad 21762 unadf_0.7.11a-3+deb7u1.debian.tar.gz
4bd6b2041f4d1c7431ae20503b2a335168f1ace0 119676 unadf_0.7.11a-3+deb7u1_amd64.deb
Checksums-Sha256:
db4a5a7defcec018da390d90f58710ba0d5f59f33b16450e0407f3d2866c1576 1700 unadf_0.7.11a-3+deb7u1.dsc
fa9e0e34b1b0f4f4287905a3d485e3bba498451af98d6c12be87ab3a2b436471 209458 unadf_0.7.11a.orig.tar.gz
ed723ed04624b6337d42e47ce40217bc218c7be64098fe0ba316b5d01a91a841 21762 unadf_0.7.11a-3+deb7u1.debian.tar.gz
7f415e272a7105734f7102bd8ceb42c2700672d41803a2aadf213490edcd5336 119676 unadf_0.7.11a-3+deb7u1_amd64.deb
Files:
613e73c52d252e3e0fd426c8c8f320bd 1700 utils optional unadf_0.7.11a-3+deb7u1.dsc
63c21eeb61e1473d8dd214e0b39cb819 209458 utils optional unadf_0.7.11a.orig.tar.gz
32c3c4f104526bbea523dfbbd942dd9b 21762 utils optional unadf_0.7.11a-3+deb7u1.debian.tar.gz
a601b5f46efde3fe46553db1372646a6 119676 utils optional unadf_0.7.11a-3+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJX4fzCAAoJEB6VPifUMR5Yi3sP/2KLZIcRXBxGEcl9gQqWPtqo
v8goh1o4qGXTkPyxuLEt4CHCadEFUa5xlMFlvXu8HYklFqXAxlNHJqEWwDqNvTmH
6Vvsy4/CsCKVEVhjbbhw1uIulJ1NqKmZ2weHrEJLmQnbFs98heqWktqKuCU5qu5z
eAes9BJzE644Ag6PxNrp4s8LB/ZPUHQCzKdeXQT0vbV30s5OiB5PXH7OUc+3gQfC
vZJtTQ/5qE7JYkI0oyffe6G2hLDbzy4tWyUuKaATXyMwGgB2Y90W8wQHcYX+0AFJ
p/Nm1cL46cwzl0xpg0A0gRDoS9VKwy4yVkTWGLRChw8wbSWn7Qze/DET82/fyuco
d53/9HydBtgAEwrOHCcdxafGJ90Hv1uUXWAPcysnJMif43XC1JcfzrAJu86IaIW0
BkHH3MKj1EcH0WqC3O7MQ96iTi6z0LAcThSN8J7+yxEPqrU/iLQXMhQciMgsrgJd
+VO4plwn1ETD7MYWLWuRGLoiTGv6lRVrj3XTTobtDhbr3ZTGrOwVX7XPwhf57HQ2
7YgE5UKH2veKmU9btWBmPPsdevNCSQe9cDEg6Ief8OalfjqDNDqqc+YfShZPQZVP
WgrhWMunGMzG6rF8umICNJ2KbwW6g0TflY+LqM0SevBi/ZK8wTE+Elvmns9iW3T+
T0y4cq4UOuVTm1qfdHHW
=NX4b
-----END PGP SIGNATURE-----