Debian Package Tracker

From: Martin Schulze <joey@infodrom.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted chmlib 0.35-6sarge1 (source powerpc)
Date: Sat, 12 Nov 2005 00:47:03 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu,  3 Nov 2005 07:41:36 +0100
Source: chmlib
Binary: chmlib-bin chmlib-dev chmlib
Architecture: source powerpc
Version: 0.35-6sarge1
Distribution: stable-security
Urgency: high
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Martin Schulze <joey@infodrom.org>
Description: 
 chmlib     - library for dealing with Microsoft CHM format files
 chmlib-bin - library for dealing with Microsoft CHM format files
 chmlib-dev - library for dealing with Microsoft CHM format files
Changes: 
 chmlib (0.35-6sarge1) stable-security; urgency=high
 .
   * Applied backported patch from the maintainer to fix vulnerabilities
     [src/chm_lib.c, src/chm_lib.h, src/lzx.c]:
     . CVE-2005-2659 - LZX decompression buffer in chmlib
     . CVE-2005-2448 - Endianess errors
     . CVE-2005-2369 - Multiple integer signedness errors
   * Applied backported patch from the maintainer to fix memory alignment
     errors [src/chm_lib.c, CVE-2005-2370]
   * Added precautionary code from the maintainer to fix potential buffer
     overflow [src/chm_lib.c, CVE-2005-2930]
   * Applied upstream patch to prevent buffer overflow [src/chm_lib.c,
     CVE-2005-3318]
Files: 
 022d55ea43ef4a54648b0823163c4a07 604 libs optional chmlib_0.35-6sarge1.dsc
 8fa0e692b2606a03fb51589f66a82eec 368428 libs optional chmlib_0.35.orig.tar.gz
 55eeab9a32a66c5e123ab51f3d7427df 15698 libs optional chmlib_0.35-6sarge1.diff.gz
 7e7d08b907286bf4b326a97ed0b9ad72 27380 libs optional chmlib_0.35-6sarge1_powerpc.deb
 a24a33a3eba0b35608f23159fab58a4d 22032 libdevel optional chmlib-bin_0.35-6sarge1_powerpc.deb
 6a0564ea6c10034569bf0b428c372dd9 23558 libdevel optional chmlib-dev_0.35-6sarge1_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDabNdW5ql+IAeqTIRAs8TAJ0evVybaNg4dVYFfj0MqMHazoFrZwCfSvJB
ORGoWN9vhudzTsHBmtTKOwc=
=wVIv
-----END PGP SIGNATURE-----


Accepted:
chmlib-bin_0.35-6sarge1_powerpc.deb
  to pool/main/c/chmlib/chmlib-bin_0.35-6sarge1_powerpc.deb
chmlib-dev_0.35-6sarge1_powerpc.deb
  to pool/main/c/chmlib/chmlib-dev_0.35-6sarge1_powerpc.deb
chmlib_0.35-6sarge1.diff.gz
  to pool/main/c/chmlib/chmlib_0.35-6sarge1.diff.gz
chmlib_0.35-6sarge1.dsc
  to pool/main/c/chmlib/chmlib_0.35-6sarge1.dsc
chmlib_0.35-6sarge1_powerpc.deb
  to pool/main/c/chmlib/chmlib_0.35-6sarge1_powerpc.deb


-- 
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
News for package chmlib
