Copied from
ubuntu trusty in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
unadf (0.7.11a-3+deb7u1~build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
unadf (0.7.11a-3+deb7u1) wheezy-security; urgency=high
* CVE-2016-1243: Fix stack buffer overflow caused by blindly trusting on
pathname lengths of archived files. Stack allocated buffer sysbuf was
filled with sprintf() without any bounds checking in extracTree() function.
(Closes: #838248)
* CVE-2016-1244: Correct execution of unsanitized input. Shell command used
for creating directory paths was constructed by oncatenating names of
archived files to the end of the command string. (Closes: #838248)
-- Tyler Hicks <email address hidden> Thu, 22 Sep 2016 16:47:13 -0500