Format: 1.8 Date: Fri, 28 Oct 2022 14:43:41 -0400 Source: multipath-tools Binary: kpartx Built-For-Profiles: noudeb Architecture: i386 i386_translations Version: 0.8.8-1ubuntu1.22.10.1 Distribution: kinetic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: kpartx - create device mappings for partitions Changes: multipath-tools (0.8.8-1ubuntu1.22.10.1) kinetic-security; urgency=medium . * SECURITY UPDATE: symlink attack - debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in .gitignore, Makefile.inc, libmultipath/defaults.h, multipath/Makefile, multipath/multipath.rules.in, multipath/tmpfiles.conf.in. - debian/multipath-tools.install: install tmpfiles.d/multipath.conf. - debian/rules: copy udev rule after build. - CVE-2022-41973 * SECURITY UPDATE: authorization bypass - debian/patches/CVE-2022-41974-pre1.patch: fix command completion in interactive mode in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli_handlers.c, multipathd/main.c. - debian/patches/CVE-2022-41974.patch: more robust command parsing in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h, multipathd/cli_handlers.c, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-2.patch: fix command completion with robust parser in multipathd/cli.c, multipathd/cli.h, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-3.patch: add test for command parsing in Makefile.inc, tests/Makefile, tests/cli.c, multipathd/cli.h, multipathd/cli.c. - debian/patches/CVE-2022-41974-4.patch: fix memory leak handling invalid commands in multipathd/uxlsnr.c. - CVE-2022-41974 Checksums-Sha1: 11eb1b0d6c57833e8708c7e4fbe8eb308c20d04e 62996 kpartx-dbgsym_0.8.8-1ubuntu1.22.10.1_i386.ddeb 49b5b169dd948cfe3b9fb4e02174b42e828aba99 32652 kpartx_0.8.8-1ubuntu1.22.10.1_i386.deb ff20f9d99c364bfc5fd6fd01ac6edebd801773ba 7286 multipath-tools_0.8.8-1ubuntu1.22.10.1_i386.buildinfo 890a8c57d7180a4286440cb334b4dbf0a0414cf3 5903 multipath-tools_0.8.8-1ubuntu1.22.10.1_i386_translations.tar.gz Checksums-Sha256: c215ae592e6e53cd7c1a0103745f4acd9cb6dff7f70ae9684008e4f9afc68fc3 62996 kpartx-dbgsym_0.8.8-1ubuntu1.22.10.1_i386.ddeb da8c7d946856a661a39ddd57b25b4b7b404b142380cab2df8ae47b40f9a36c17 32652 kpartx_0.8.8-1ubuntu1.22.10.1_i386.deb 68425ce5514fb2c8d6c9562df5d535564c5502b567dc583a62659195fa7f635d 7286 multipath-tools_0.8.8-1ubuntu1.22.10.1_i386.buildinfo 836c1ec50e5244ac909b0c37704a0b44e3eff7ad66f1a04d0319d2a80534bd5c 5903 multipath-tools_0.8.8-1ubuntu1.22.10.1_i386_translations.tar.gz Files: 463ea429ecbd03fd4d4da9bfff8ca9a9 62996 debug optional kpartx-dbgsym_0.8.8-1ubuntu1.22.10.1_i386.ddeb 0dbe509eedd91f580409757b50afbd90 32652 admin optional kpartx_0.8.8-1ubuntu1.22.10.1_i386.deb 79d7c062eecc4d85c6868b2c800c4bb8 7286 admin optional multipath-tools_0.8.8-1ubuntu1.22.10.1_i386.buildinfo f79e555d18b969fd02c011297121112f 5903 raw-translations - multipath-tools_0.8.8-1ubuntu1.22.10.1_i386_translations.tar.gz Original-Maintainer: Debian DM Multipath Team