Format: 1.8
Date: Tue, 06 Jan 2015 00:14:58 +0100
Source: gcab
Binary: gcab libgcab-1.0-0 libgcab-1.0-0-dbg libgcab-dev libgcab-doc gir1.2-libgcab-1.0
Architecture: source amd64 all
Version: 0.4-2
Distribution: unstable
Urgency: medium
Maintainer: Stephen Kitt <skitt@debian.org>
Changed-By: Stephen Kitt <skitt@debian.org>
Description:
 gcab - Microsoft Cabinet file manipulation tool
 gir1.2-libgcab-1.0 - Microsoft Cabinet file manipulation library - gir bindings
 libgcab-1.0-0 - Microsoft Cabinet file manipulation library
 libgcab-1.0-0-dbg - Microsoft Cabinet file manipulation library - debug files
 libgcab-dev - Microsoft Cabinet file manipulation library - development files
 libgcab-doc - Microsoft Cabinet file manipulation library - documentation
Closes: 774580
Changes:
 gcab (0.4-2) unstable; urgency=medium
 .
   * Indicate that libgcab/gcab-enums.* is licensed using LGPL-2.0+, not
     2.1+ like the rest of the project. Thanks to Thorsten Alteholz for
     pointing out that this should be indicated explicitly!
   * Prevent path traversals; contents of cabinet files are always
     extracted below the extraction point and cannot escape it.
     Closes: #774580. This is CVE-2015-0552.