Imported Debian patch 1.3.5-10sarge2

[gzip] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index 740739ec70ed0a783793aa9ef551d2d0cd923f63..52d6a13cc7fa5870b0df1fa2e84d87ac2dd342ea 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,24 @@
+gzip (1.3.5-10sarge2) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team:
+  * Fix several security problems discovered by Tavis Ormandy of Google:
+    - DoS through null pointer deference in the Huffman code (CVE-2006-4334)
+    - Out-of-bands stack write in LZH decompression code (CVE-2006-4335)
+    - Buffer overflow in pack code (CVE-2006-4336)
+    - Buffer overflow in LZH code (CVE-2006-4337)
+    - DoS through an infinite loop in LZH code (CVE-2006-4337)
+    (Patch by Thomas Biege of SuSe)
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Sun, 10 Sep 2006 21:01:47 +0000
+
+gzip (1.3.5-10sarge1) stable; urgency=low
+
+  * merge patch from Matt Zimmerman for futex hang due to improper signal
+    handling, closes: #310053, #315612
+  * backport to stable since this problem affects several debian.org servers
+
+ -- Bdale Garbee <bdale@gag.com>  Tue,  8 Nov 2005 22:25:19 -0700
+
 gzip (1.3.5-10) unstable; urgency=medium
 
   * remove PAGER reference from zmore.1, closes: #263792