Format: 1.8 Date: Thu, 11 Jun 2015 20:25:30 -0500 Source: patch Binary: patch Architecture: amd64 Version: 2.7.1-5ubuntu0.1 Distribution: utopic Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Tyler Hicks Description: patch - Apply a diff file to an original Changes: patch (2.7.1-5ubuntu0.1) utopic-security; urgency=medium . * SECURITY UPDATE: Denial of service via crafted patch - debian/patches/CVE-2014-9637.patch: Detect and exit upon memory allocation failures - CVE-2014-9637 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point outside of the current directory - CVE-2015-1196 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1395.patch: Check the validity of both filenames during a rename or copy - CVE-2015-1395 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point outside of the current directory. This patch corrects the incomplete fix for CVE-2015-1196. - CVE-2015-1396 * debian/rules: Fix FTBFS caused by ed check. Based on Debian change suggested by Simon McVittie. * debian/control: Add automake1.11 as a build-depends since some of the patches adjust Makefile.am files Checksums-Sha1: 124c91ed34700dfbb3134ec31f9aec090819ac38 86952 patch_2.7.1-5ubuntu0.1_amd64.deb 07852890004f3777fafe5d322dec8886e00c0883 125074 patch-dbgsym_2.7.1-5ubuntu0.1_amd64.ddeb Checksums-Sha256: 6d595cf10d38f656dbdc29f6e1740efa7e52100441b67afb063fe9f7e939bdc5 86952 patch_2.7.1-5ubuntu0.1_amd64.deb bf7f65122fae6896719ccc7fbe88f12c708fa92544aa311338fadfc5c709e117 125074 patch-dbgsym_2.7.1-5ubuntu0.1_amd64.ddeb Files: 281b48fe2b132e021bb3c6c71e8fe73d 86952 vcs standard patch_2.7.1-5ubuntu0.1_amd64.deb eef4945d1fe86d3dd69e9390b7f4e87e 125074 vcs extra patch-dbgsym_2.7.1-5ubuntu0.1_amd64.ddeb Original-Maintainer: Laszlo Boszormenyi (GCS)