Format: 1.8 Date: Wed, 31 Jul 2019 09:19:23 -0400 Source: sigil Binary: sigil sigil-data Architecture: ppc64el Version: 0.9.9+dfsg-1ubuntu0.1~esm1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: sigil - multi-platform ebook editor sigil-data - multi-platform ebook editor - data files Changes: sigil (0.9.9+dfsg-1ubuntu0.1~esm1) bionic-security; urgency=medium . * SECURITY UPDATE: Zip Slip directory traversal when processing a crafted EPUB file - debian/patches/CVE-2019-14452-1.patch: do not allow zip files to have upward relative path sections. - debian/patches/CVE-2019-14452-2.patch: further harden against malicious epubs and produce error message. - debian/patches/CVE-2019-14452-3.patch: harden plugin unzipping to zip-slip attacks. - CVE-2019-14452 Checksums-Sha1: 90728ba1a75ab82f523c06c3aa91d84ebfd8760d 24271420 sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.ddeb 96ea82eb7b9955518eb030877dd108bb9f8e63aa 13771 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.buildinfo 55724a719ebc4e56399f55a9c58f683f585a4d38 1891236 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.deb Checksums-Sha256: 6560778bb2484701bdd58032b44081921aa3eab7764219c337a70d7e0dee8e48 24271420 sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.ddeb 40226be7201ed95ca34a99d65a8a891e4805a7c56b46745aaa247fc52eb00563 13771 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.buildinfo d9b148ed9bd2a7a0304227a405538d1400863c1394d142280b88455014d3bbf6 1891236 sigil_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.deb Files: 333b10cb0993542f92182ae133f11c03 24271420 debug optional sigil-dbgsym_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.ddeb b6175185d2fffcacf92cf4a247978ede 13771 editors optional sigil_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.buildinfo 649a86833bdfa3bb3fab99f0e600760e 1891236 editors optional sigil_0.9.9+dfsg-1ubuntu0.1~esm1_ppc64el.deb Original-Maintainer: Mattia Rizzolo