-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 10 Sep 2006 21:01:47 +0000
Source: gzip
Binary: gzip
Architecture: source i386
Version: 1.3.5-10sarge2
Distribution: stable-security
Urgency: high
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 gzip - The GNU compression utility
Changes:
 gzip (1.3.5-10sarge2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team:
   * Fix several security problems discovered by Tavis Ormandy of Google:
     - DoS through null pointer deference in the Huffman code (CVE-2006-4334)
     - Out-of-bands stack write in LZH decompression code (CVE-2006-4335)
     - Buffer overflow in pack code (CVE-2006-4336)
     - Buffer overflow in LZH code (CVE-2006-4337)
     - DoS through an infinite loop in LZH code (CVE-2006-4337)
     (Patch by Thomas Biege of SuSe)
Files:
 b4ef2a9e595a17f8596fdefb1f4b9bf6 566 base required gzip_1.3.5-10sarge2.dsc
 3d6c191dfd2bf307014b421c12dc8469 331550 base required gzip_1.3.5.orig.tar.gz
 cd1bec47a01d72c800f3bac85dfcc5f3 60478 base required gzip_1.3.5-10sarge2.diff.gz
 8267f1f753b0a2b380d149280b6e44bb 71164 base required gzip_1.3.5-10sarge2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFDHz1Xm3vHE4uyloRAqdhAJ0cht/H/pzFWtqcF56FNmPOIdXUlgCg1TTf
Y3Ydrv9+dAYWzP3In+89C6U=
=EFds
-----END PGP SIGNATURE-----

Accepted:
gzip_1.3.5-10sarge2.diff.gz
  to pool/main/g/gzip/gzip_1.3.5-10sarge2.diff.gz
gzip_1.3.5-10sarge2.dsc
  to pool/main/g/gzip/gzip_1.3.5-10sarge2.dsc
gzip_1.3.5-10sarge2_i386.deb
  to pool/main/g/gzip/gzip_1.3.5-10sarge2_i386.deb