-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 18 Sep 2021 13:42:40 +0200 Source: squashfs-tools Architecture: source Version: 1:4.5-3 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Closes: 994262 Changes: squashfs-tools (1:4.5-3) unstable; urgency=high . * Backport patch to fixes: - use squashfs_closedir() to delete directory, - dynamically allocate unsquashfs name, - use linked list to store directory names. * Fix CVE-2021-41072: additional unsquashfs write outside destination directory exploit fix (closes: #994262). Checksums-Sha1: 8892003c3dcdde19f202fd820715fb0367aaa007 1891 squashfs-tools_4.5-3.dsc b6352dc50f8dbaf44e12bd998c39661a14a0b7c6 17016 squashfs-tools_4.5-3.debian.tar.xz Checksums-Sha256: 392e45bd16aadafb89f37295e770837a15f36f78c0d052e35f3dfcb05afffabc 1891 squashfs-tools_4.5-3.dsc 18f4c2d35cea663f784efe717f4c9d88af13a82b19e28a79b230195d42f84729 17016 squashfs-tools_4.5-3.debian.tar.xz Files: 781c80dd6fb4a49c911d9c6e3928ce84 1891 kernel optional squashfs-tools_4.5-3.dsc f3a9e60caa2bd1f4fa371ad62d7beca4 17016 kernel optional squashfs-tools_4.5-3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmFF1RAACgkQ3OMQ54ZM yL+ZCA/8DV6/1NnH2Y/vAUjSZWjCtiWjWZZiZY73wT7JuEugSAecKgTx9kqlDzHI 3vgbH7uKy8MFvN6kUaD0PK5DD5fN805J8fhnSpMEbpWeCX2Eoj5PEKEiQb+50+2T lw2cbg9P9A6AQUSqq4a6eRS0+bx9yMYIvMcIORqdsmQilH00b9+rugkZGtNBeOdY SvAZZ0SddVuS5TKQ4L6o+hGgZODT94zl/ggP8P8kv9IcN3816bPrttDXcn2KQsDI d8XCh6PTdVgh5BOT8oQrV7TGB4M5qPSaoe1JaGrnOqguILQ7nrFYgxDxPZjkYN1Z 5saFQY1PLVM/imjC1694zCteSElWKjVtzwFnIuGeZTI4/zQpYmB9HSEZHFhqB8FX qPCWYXhXDGJzJB967CpqJKA/9t4xXocg9HwnCjX9nnmQbrf4shcG95YSbsjNo7YF hPPB++h8yL68RwLche5RT0FuDbYgZWldznCjoI7rLnlqUhG+ryS/F3/sg/kaTdc8 3uBQh6Tcz4WLnH+3PF+OfleZHZnXqeoV0cIxWlKs3RGLrJd48Kto/B+tmrMOKYCQ glJKHESsDLO565NpsltYWYomR8WLkuOPKLPGczL0O51KfCcuG358i/1mbFiNrEIN 2RKrnBf235R/wWn62gJDEp9DHr970N2UPd1mrPVVsqvd3tVjmb8= =bO9u -----END PGP SIGNATURE-----
