Format: 1.8 Date: Wed, 31 Jul 2019 09:19:23 -0400 Source: sigil Binary: sigil sigil-data Architecture: i386 Version: 0.9.9+dfsg-1ubuntu0.1~esm1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: sigil - multi-platform ebook editor sigil-data - multi-platform ebook editor - data files Changes: sigil (0.9.9+dfsg-1ubuntu0.1~esm1) bionic-security; urgency=medium . * SECURITY UPDATE: Zip Slip directory traversal when processing a crafted EPUB file - debian/patches/CVE-2019-14452-1.patch: do not allow zip files to have upward relative path sections. - debian/patches/CVE-2019-14452-2.patch: further harden against malicious epubs and produce error message. - debian/patches/CVE-2019-14452-3.patch: harden plugin unzipping to zip-slip attacks. - CVE-2019-14452 Checksums-Sha1: 50dae108deb8e540599f974b1d6b9af32093b499 23316120 sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_i386.ddeb d7f74662ec0a348a8409ae9e03a80b2483de3845 13840 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_i386.buildinfo a90684902a019bc32c1ff4cefc5dc38ce819c196 1913808 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_i386.deb Checksums-Sha256: 358a36b4a8e6090d1a44678bde409c25cd77f7f250bdb8a1be2805c3d140a9a5 23316120 sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_i386.ddeb ca96c413d3eb7c3432f7a56088423dcadd10d52044d9ae79dce82127c527c3ec 13840 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_i386.buildinfo b3e01ad34ad84b124e8461159565d97881b1b30464ec0e58bda8f635ee878ffa 1913808 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_i386.deb Files: ce89939f1f68f3a54085a7c5293ecadc 23316120 debug optional sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_i386.ddeb d28cb0086099142cced57430e84d455b 13840 editors optional sigil_0.9.9+dfsg-1ubuntu0.1~esm1_i386.buildinfo 54bfb2e246fe14b92d11590f43837443 1913808 editors optional sigil_0.9.9+dfsg-1ubuntu0.1~esm1_i386.deb Original-Maintainer: Mattia Rizzolo