-
dosfstools (3.0.28-2ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: out of bounds read denial of service
- debian/patches/date_oob_read.patch: prevent out of bounds array read
in src/check.c.
- No CVE number
* SECURITY UPDATE: memory corruption via off-by-2 in FAT12
- debian/patches/CVE-2015-8872.patch: fix FAT12 logic in src/fat.c.
- CVE-2015-8872
* SECURITY UPDATE: heap overflow via excessive FAT size specifications
- debian/patches/CVE-2016-4804.patch: change size and perform checks in
src/boot.c, src/fsck.fat.h.
- CVE-2016-4804
-- Marc Deslauriers <email address hidden> Wed, 25 May 2016 15:29:46 -0400
-
dosfstools (3.0.28-2) unstable; urgency=medium
* Enable checking of PGP signatures on upstream tarballs in debian/watch
* Notify users about the default mode change for fsck in NEWS file
-- Andreas Bombe <email address hidden> Sat, 22 Aug 2015 01:03:28 +0200
-
dosfstools (3.0.28-1) unstable; urgency=medium
* New upstream version 3.0.28
- interactive repair mode is now the default for fsck.fat, ending
confusion about the previous default mode that looked like interactive
repair but never offered the option at the end to actually modify the
filesystem (Closes: #417639)
- fsck.fat now checks that the first cluster of a file is not 1, thereby
also preventing a possible segfault (Closes: #773885)
- 0xF0 is now allowed to be specified as media type for mkfs.fat
(Closes: #753951)
-- Andreas Bombe <email address hidden> Mon, 01 Jun 2015 02:33:30 +0200
