X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;ds=sidebyside;f=debian%2Fchangelog;h=52d6a13cc7fa5870b0df1fa2e84d87ac2dd342ea;hb=8ba3484138b5d1e72fd4ef49d27159263cb6bea6;hp=58cd01764b5e6b639025324c4fa3d1eb56e799ad;hpb=cf32d8987e502849a4a3ed61baa03c4ef6a9cdb5;p=gzip

diff --git a/debian/changelog b/debian/changelog
index 58cd017..52d6a13 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+gzip (1.3.5-10sarge2) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team:
+  * Fix several security problems discovered by Tavis Ormandy of Google:
+    - DoS through null pointer deference in the Huffman code (CVE-2006-4334)
+    - Out-of-bands stack write in LZH decompression code (CVE-2006-4335)
+    - Buffer overflow in pack code (CVE-2006-4336)
+    - Buffer overflow in LZH code (CVE-2006-4337)
+    - DoS through an infinite loop in LZH code (CVE-2006-4337)
+    (Patch by Thomas Biege of SuSe)
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Sun, 10 Sep 2006 21:01:47 +0000
+
 gzip (1.3.5-10sarge1) stable; urgency=low
 
   * merge patch from Matt Zimmerman for futex hang due to improper signal