]> git.cworth.org Git - gzip/blobdiff - debian/changelog
projects / gzip / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Imported Debian patch 1.3.5-10sarge2
[gzip] / debian / changelog
diff --git a/debian/changelog b/debian/changelog
index 58cd01764b5e6b639025324c4fa3d1eb56e799ad..52d6a13cc7fa5870b0df1fa2e84d87ac2dd342ea 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+gzip (1.3.5-10sarge2) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team:
+  * Fix several security problems discovered by Tavis Ormandy of Google:
+    - DoS through null pointer deference in the Huffman code (CVE-2006-4334)
+    - Out-of-bands stack write in LZH decompression code (CVE-2006-4335)
+    - Buffer overflow in pack code (CVE-2006-4336)
+    - Buffer overflow in LZH code (CVE-2006-4337)
+    - DoS through an infinite loop in LZH code (CVE-2006-4337)
+    (Patch by Thomas Biege of SuSe)
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Sun, 10 Sep 2006 21:01:47 +0000
+
 gzip (1.3.5-10sarge1) stable; urgency=low
 
   * merge patch from Matt Zimmerman for futex hang due to improper signal
Debian packaging (and source) for gzip---co-maintained with Bdale Garbee