-
patch (2.7.1-5ubuntu0.3) utopic-security; urgency=medium
* SECURITY UPDATE: Denial of service via crafted patch
- debian/patches/CVE-2014-9637.patch: Detect and exit upon memory
allocation failures
- CVE-2014-9637
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point
outside of the current directory
- CVE-2015-1196
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1395.patch: Check the validity of both filenames
during a rename or copy
- CVE-2015-1395
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point
outside of the current directory. This patch corrects the incomplete fix
for CVE-2015-1196.
- CVE-2015-1396
* debian/rules: Fix FTBFS caused by ed check. Based on Debian change
suggested by Simon McVittie.
* debian/control: Add automake1.11 as a build-depends since some of the
patches adjust Makefile.am files
-- Tyler Hicks <email address hidden> Mon, 22 Jun 2015 14:34:29 -0500
-
patch (2.7.1-5) unstable; urgency=low
* Add watch file.
[ James Hunt <email address hidden> ]
* Fix segfault due to incorrect usage (closes: #742470).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 14 Apr 2014 18:31:53 +0200
-
patch (2.7.1-4) unstable; urgency=low
* New maintainer (closes: #728664).
* Add manual last change date (closes: #674052).
* Update Standards-Version to 3.9.5 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 04 Nov 2013 12:36:11 +0000
