Format: 1.8 Date: Thu, 18 Jun 2015 15:56:29 -0500 Source: patch Binary: patch Architecture: i386 Version: 2.7.1-5ubuntu0.2 Distribution: utopic Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Tyler Hicks Description: patch - Apply a diff file to an original Changes: patch (2.7.1-5ubuntu0.2) utopic-security; urgency=medium . * SECURITY UPDATE: Denial of service via crafted patch - debian/patches/CVE-2014-9637.patch: Detect and exit upon memory allocation failures - CVE-2014-9637 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point outside of the current directory - CVE-2015-1196 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1395.patch: Check the validity of both filenames during a rename or copy - CVE-2015-1395 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point outside of the current directory. This patch corrects the incomplete fix for CVE-2015-1196. - CVE-2015-1396 * debian/rules: Fix FTBFS caused by ed check. Based on Debian change suggested by Simon McVittie. * debian/control: Add automake1.11 as a build-depends since some of the patches adjust Makefile.am files Checksums-Sha1: 63a83eea0bd72194c6352139a6173cfac81e1d67 95460 patch_2.7.1-5ubuntu0.2_i386.deb d19fa1f753e7b2a7a21fb8b0458d6156eafc5e85 104496 patch-dbgsym_2.7.1-5ubuntu0.2_i386.ddeb Checksums-Sha256: b72c24c594537726abf4e1003d7b764021bb141c26fa5c2ff8aaa7349403b3ea 95460 patch_2.7.1-5ubuntu0.2_i386.deb ffa7b526be7edb343b77559b16dcb8e0c37a17222fca1a49a1608af36bfa6288 104496 patch-dbgsym_2.7.1-5ubuntu0.2_i386.ddeb Files: 1e4b064c9a9c2e46e0e03462a1fe4f46 95460 vcs standard patch_2.7.1-5ubuntu0.2_i386.deb 23e14f73f1c8d8c64a7043077dd25669 104496 vcs extra patch-dbgsym_2.7.1-5ubuntu0.2_i386.ddeb Original-Maintainer: Laszlo Boszormenyi (GCS)