Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
tardiff (0.1-2+deb8u2build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
tardiff (0.1-2+deb8u2) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add fix for shell command injection via tar filename itself.
This fix is as well part of the CVE-2015-0857 assignment but was
previously missed.
tardiff (0.1-2+deb8u1) jessie-security; urgency=high
* Add patch to fix miscalculated statistics. (Closes: #802098)
* Add patches to fix two security issues:
+ CVE-2015-0857: shell command injection through file names
+ CVE-2015-0858: /tmp race condition in handling temporary directory
Issues found and reported by Rainer Müller and Florian Weimer.
Additional necessary changes:
+ Add new run-time dependency on libtext-diff-perl.
-- Marc Deslauriers <email address hidden> Tue, 24 May 2016 09:23:53 -0400