Format: 1.8 Date: Mon, 01 Jul 2019 15:30:43 -0400 Source: flightcrew Binary: flightcrew libflightcrew0v5 libflightcrew-dev Architecture: amd64 all Version: 0.7.2+dfsg-6ubuntu0.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: flightcrew - C++ epub validator libflightcrew-dev - C++ library development filesfor epub validation libflightcrew0v5 - C++ library for epub validation Changes: flightcrew (0.7.2+dfsg-6ubuntu0.1) xenial-security; urgency=medium . * SECURITY UPDATE: NULL pointer dereference (DoS) when processing crafted EPUB file - debian/patches/CVE-2019-13032-1.patch: prevent segfault from malformed opf items in GetRelativePathToNcx() - debian/patches/CVE-2019-13032-2.patch: prevent segfault from malformed opf items in GetRelativePathsToXhtmlDocuments() - CVE-2019-13032 * SECURITY UPDATE: Zip Slip directory traversal when processing a crafted EPUB file - debian/patches/CVE-2019-13241-1.patch: try to make extracting epbs safer - debian/patches/CVE-2019-13241-2.patch: further harden zip extraction to always be safe - debian/patches/CVE-2019-13241-3.patch: harden further by throwing exception - CVE-2019-13241 * SECURITY UPDATE: Infinite loop leading to DoS and resource consumption - debian/patches/CVE-2019-13453.patch: Prevent infinite loop in zipios library by checking for EOF - CVE-2019-13453 Checksums-Sha1: 74ac3f2e3609b450c78abcc2bccb1dfcf9d5f554 587134 flightcrew-dbgsym_0.7.2+dfsg-6ubuntu0.1_amd64.ddeb d9248c93b6893c368196180e2db02e5f4128d314 64194 flightcrew_0.7.2+dfsg-6ubuntu0.1_amd64.deb 5539c19aa6023e07659874fedff4c8992c22d229 7750 libflightcrew-dev_0.7.2+dfsg-6ubuntu0.1_all.deb 7fe5f80915efe9d60ccb12cd946a926591a21d64 6644224 libflightcrew0v5-dbgsym_0.7.2+dfsg-6ubuntu0.1_amd64.ddeb 204f0376247d1958fcf710cad59988453cab9f9a 357972 libflightcrew0v5_0.7.2+dfsg-6ubuntu0.1_amd64.deb Checksums-Sha256: 1c141402ebeb593e85bbfd73c24e0336d1edca64eada2b6c5346432061d856d7 587134 flightcrew-dbgsym_0.7.2+dfsg-6ubuntu0.1_amd64.ddeb b7f852e342bed85403251501b7106182079220ee9bfb1413721402235a851c03 64194 flightcrew_0.7.2+dfsg-6ubuntu0.1_amd64.deb b5dec27305e9fe2628af4d1515273812a0ad47118c8e95853a5d954939a82184 7750 libflightcrew-dev_0.7.2+dfsg-6ubuntu0.1_all.deb 350fb19e39728878d4b9ab101620f73ca4ce65609086298f42b76cf1bc66d4b5 6644224 libflightcrew0v5-dbgsym_0.7.2+dfsg-6ubuntu0.1_amd64.ddeb a8db7b092c3da3a3b8ee77ef86d0fa2186a7e6d26beb5ea27cae895437929d0d 357972 libflightcrew0v5_0.7.2+dfsg-6ubuntu0.1_amd64.deb Files: ed9b36afe058f09f6199ec9b534e547f 587134 text extra flightcrew-dbgsym_0.7.2+dfsg-6ubuntu0.1_amd64.ddeb 19b99865e1be56596ac7692d45052b11 64194 text extra flightcrew_0.7.2+dfsg-6ubuntu0.1_amd64.deb 62d667a592eb2eba89fa74380eeaa9df 7750 libdevel extra libflightcrew-dev_0.7.2+dfsg-6ubuntu0.1_all.deb 6fbf74e2bd25209fba73750b9c9fa903 6644224 text extra libflightcrew0v5-dbgsym_0.7.2+dfsg-6ubuntu0.1_amd64.ddeb 542d3ab307287b073e40b2a7fa057858 357972 text extra libflightcrew0v5_0.7.2+dfsg-6ubuntu0.1_amd64.deb Original-Maintainer: Mattia Rizzolo