Copied from
ubuntu xenial in
Private PPA for Ubuntu Security Team
by Mike Salvatore
Changelog
flightcrew (0.7.2+dfsg-6ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference (DoS) when processing crafted
EPUB file
- debian/patches/CVE-2019-13032-1.patch: prevent segfault from malformed
opf items in GetRelativePathToNcx()
- debian/patches/CVE-2019-13032-2.patch: prevent segfault from malformed
opf items in GetRelativePathsToXhtmlDocuments()
- CVE-2019-13032
* SECURITY UPDATE: Zip Slip directory traversal when processing a crafted
EPUB file
- debian/patches/CVE-2019-13241-1.patch: try to make extracting epbs safer
- debian/patches/CVE-2019-13241-2.patch: further harden zip extraction to
always be safe
- debian/patches/CVE-2019-13241-3.patch: harden further by throwing
exception
- CVE-2019-13241
* SECURITY UPDATE: Infinite loop leading to DoS and resource consumption
- debian/patches/CVE-2019-13453.patch: Prevent infinite loop in zipios
library by checking for EOF
- CVE-2019-13453
-- Mike Salvatore <email address hidden> Mon, 01 Jul 2019 15:30:43 -0400