-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Feb 2015 17:41:44 +0100 Source: unace Binary: unace Architecture: source amd64 Version: 1.2b-10+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Guillem Jover <guillem@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Description: unace - extract, test and view .ace archives Closes: 775003 Changes: unace (1.2b-10+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add 006_security-afl.patch patch. CVE-2015-2063: Buffer overflow when reading bogus file headers The header parser was not checking if it had read the needed data when parsing the header from memory. (Closes: #775003) Checksums-Sha1: d4a28e1fe16469e29b97e14ea00c8183876dc43d 1757 unace_1.2b-10+deb7u1.dsc 54781d630644a68bb3d9338fa6a018b2d4553efb 27561 unace_1.2b.orig.tar.gz 348674d9c549751e31a45da8b802d825d72a2b5c 8551 unace_1.2b-10+deb7u1.debian.tar.gz 61828dedb70b0a814a2f8d19e9266346348427ec 19954 unace_1.2b-10+deb7u1_amd64.deb Checksums-Sha256: 591b0604111b5e71d4671b9bd88001d17406f1140c59e045460cf8c5538bc2b4 1757 unace_1.2b-10+deb7u1.dsc a5f3b7d0994b2c6aa3b95ac1196ee18605d8dbd0660f978f8d64b8583fb55490 27561 unace_1.2b.orig.tar.gz f01ee6db9fcbd8889070967bc5ab8fd3d527e8d1ae7c39668d643d43ceed1de9 8551 unace_1.2b-10+deb7u1.debian.tar.gz 31984f0b9bf2da8dbba0e45d04baa0256e113a0c2918b1345b330942fd3128d9 19954 unace_1.2b-10+deb7u1_amd64.deb Files: 436546b94338df370478557d8c8483d9 1757 utils optional unace_1.2b-10+deb7u1.dsc 51360df61997db28787b60ea7321d83f 27561 utils optional unace_1.2b.orig.tar.gz cb39b954491b0b84915f52a0688f9fcf 8551 utils optional unace_1.2b-10+deb7u1.debian.tar.gz 386bd063199f1d5ec907c47babfc5768 19954 utils optional unace_1.2b-10+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJU7KqyAAoJEAVMuPMTQ89EsEEP/j/VUe1wDPSG8qPsgaf0bYfN HQ8aIzOktuNzQgYGW3GWTzsfU3fgxraJODjAVZHeD6yizJxh/4x0k1SbxqeVJJKt lMnk7Tf3/TYOdMFtlj6Nps8LQ1Lb908eltlYnNd955PSxjiLDLFLTyfQX88syJn+ 9wz+hcQnGZ/c6HFErxeH4HUyapg/l+Vi28kpa7S89aWQsOTLd+clZ2NQmv0bsXjf VrlLInhkEp4h22S1cl9OJcwD5H+6StJbUVos3jg3YsZZrBnxUQaww1DG2R/FYKh8 7d1NN0BxWQvjCHgfXAYrPgCeiIpvUhOj/Sb/kJIkI5cDUqA+1nri/dpYuGDEKmI6 51gle/jjQjsQagsJIVPK2IivsLHYror1u1jxpM6CFndukauhrHCem/0Yx7IqICRw Q7JsYBbWWi1wplOcdRRBNN+//Ny/gZdmcM1m5a0BBwF0jkbLzh5d71GH8N9xx9vW YgkXFAwnUBPAvty19nvuiu+J8ZVOvZ4bJ58nQJXUZNOZXA5YwZ3NIQljXsvWln9a nIMonIr4zdqeVLKSXuoUJGenYKG7dL4+g8dL2TgL+F1jBX1Qj3NtWPhFKH27/CjJ SNVCmd57UKi9nswupTM8B/QD/d1Vy85EYdCvXModgdXWMKIxbTVCkVsFPH+tpXFW IDUDDv/5692cTwJ1dUNB =tsx5 -----END PGP SIGNATURE-----