Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted arj 3.10.22-10+deb7u1 (source amd64) into proposed-updates->stable-new, proposed-updates
Date: Mon, 06 Apr 2015 19:47:05 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Apr 2015 20:21:46 +0200
Source: arj
Binary: arj
Architecture: source amd64
Version: 3.10.22-10+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 arj        - archiver for .arj files
Closes: 774015 774434 774435
Changes: 
 arj (3.10.22-10+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Security Team with patches from Guillem Jover
   * Fix buffer overflow from size under user control.
     This is causing free() on an invalid pointer.
     Fixes: CVE-2015-2782 (Closes: #774015)
   * Fix absolute path directory traversal.
     Fixes: CVE-2015-0557 (Closes: #774435)
   * Fix symlink directory traversal.
     Fixes: CVE-2015-0556 (Closes: #774434)
Checksums-Sha1: 
 9fa687d59458d6b2d91998e759e07edc55f3c1df 1868 arj_3.10.22-10+deb7u1.dsc
 e8470f480e9eee14906e5485a8898e5c24738c8b 431467 arj_3.10.22.orig.tar.gz
 14b9e82b5efcd5dfed26eef9e22421ac4d90b443 13070 arj_3.10.22-10+deb7u1.debian.tar.gz
 9c6190f46fde036b3fabcbb063b1199c0b74a680 255620 arj_3.10.22-10+deb7u1_amd64.deb
Checksums-Sha256: 
 39d9e909a402be3276326e2025b8d131f7057fd9a3430b4c32999cc1bc54b8c0 1868 arj_3.10.22-10+deb7u1.dsc
 589e4c9bccc8669e7b6d8d6fcd64e01f6a2c21fe10aad56a83304ecc3b96a7db 431467 arj_3.10.22.orig.tar.gz
 98d8447055d7de1f4c651d39617b6092d65facfbe612283fa7d350e5bb64ca45 13070 arj_3.10.22-10+deb7u1.debian.tar.gz
 1b354e6a019cb16492302fd7ed3b0bd11d3655928ec230d43cc9940d81807531 255620 arj_3.10.22-10+deb7u1_amd64.deb
Files: 
 dffa1e4d08a242cb947a0482cee88d4a 1868 utils optional arj_3.10.22-10+deb7u1.dsc
 f263bf3cf6d42a8b7e85b4fb514336d3 431467 utils optional arj_3.10.22.orig.tar.gz
 ebb6688ad836b69bbea84a50a13abd95 13070 utils optional arj_3.10.22-10+deb7u1.debian.tar.gz
 a83fc6974be5ef5c255392d52644b349 255620 utils optional arj_3.10.22-10+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVH2xQAAoJEAVMuPMTQ89ENuAQAIxZH7nMiewZwePzarGZK8Ws
cqcy5jyIKGcBPSSIGRFZ8J+cAcRtDigGBIg77gon+BVXckqDSFEow4ExeEi8GNtc
D731Wx0lYCCqEYn6zlIT7qV2Kb/PiRQ01718Pe3732OwaRnV4yn8+5d4352jiqwR
utFVPyQEljfpUqop9wNylRL8mNemJpgkdQFSqVj3z/t98Qmgk34sN13jZ6SEmY4o
fwZiXJA6DOgG33BSM6J0Ww31NWBTu6a0nkjLJWh7tC64kmkozyJ2MpDrwf+ALu0K
9kuyX0jsq3LmdLppro+WAISAW7vHA1Yjf0RceuO47YPFmHcN/qARxYYJ8HTWPM32
QtZ0D9bCM2Ti1W2pUvTz8vtSr3FQJ5jUtxjjMbHgRIHO3RwWdlWnrqBjyY5+jHJQ
6q8Ak9zsIDyhAY+Fx3eXM2KDkqGkhIDrJcIN+vpE9albHbkjnX6QvTJXTvHD19j4
46aIVnfkpn7gmUHlPm5XJtnZCAJRtIV+iZqcSKUwKEBAnlPM8FPDMl59KVsweUXy
a4QT6o9gHnOqC34bvkKV/+4914cjVdWfm5fqZOZpUxXjAmtfa+Jck3c1+NSsKh+r
KCKEJ3HgSLckuwbsSmlcaZ+z/zQ9laoBda4DN7FPS9P5qBDLlb8wv4BiLMjENIaW
YAxREnE2Nq86dZG1g/+5
=PQ65
-----END PGP SIGNATURE-----
News for package arj
