Format: 1.8 Date: Mon, 22 Jun 2015 14:34:29 -0500 Source: patch Binary: patch Architecture: i386 Version: 2.7.1-5ubuntu0.3 Distribution: utopic Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Tyler Hicks Description: patch - Apply a diff file to an original Changes: patch (2.7.1-5ubuntu0.3) utopic-security; urgency=medium . * SECURITY UPDATE: Denial of service via crafted patch - debian/patches/CVE-2014-9637.patch: Detect and exit upon memory allocation failures - CVE-2014-9637 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point outside of the current directory - CVE-2015-1196 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1395.patch: Check the validity of both filenames during a rename or copy - CVE-2015-1395 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point outside of the current directory. This patch corrects the incomplete fix for CVE-2015-1196. - CVE-2015-1396 * debian/rules: Fix FTBFS caused by ed check. Based on Debian change suggested by Simon McVittie. * debian/control: Add automake1.11 as a build-depends since some of the patches adjust Makefile.am files Checksums-Sha1: e6c39fcac2770ab7332d5413306e7a03f4482f49 95470 patch_2.7.1-5ubuntu0.3_i386.deb d7bf5fa3f9e0e0a0de9d7c9805499de048ee100a 104762 patch-dbgsym_2.7.1-5ubuntu0.3_i386.ddeb Checksums-Sha256: d72ed68a6c01a41eeb4c81dcfacb419896e81378ffaa3476a356defe3614776e 95470 patch_2.7.1-5ubuntu0.3_i386.deb 394b2e0a8785d9f0e9b913e9861e0c3ca1d8bb8596bfa5ffe62827c3a1574161 104762 patch-dbgsym_2.7.1-5ubuntu0.3_i386.ddeb Files: 8d03bbaf2f2808c5172a3b594f6b4846 95470 vcs standard patch_2.7.1-5ubuntu0.3_i386.deb f392209c623d6ddf849029b58a42e8c9 104762 vcs extra patch-dbgsym_2.7.1-5ubuntu0.3_i386.ddeb Original-Maintainer: Laszlo Boszormenyi (GCS)