Debian Package Tracker

From: Thorsten Alteholz <debian@alteholz.de>
To: <debian-lts-changes@lists.debian.org>
Subject: Accepted arj 3.10.22-9+deb6u1 (source i386) into squeeze-lts
Date: Wed, 08 Apr 2015 15:49:14 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 08 Apr 2015 16:10:46 +0200
Source: arj
Binary: arj
Architecture: source i386
Version: 3.10.22-9+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 arj        - archiver for .arj files
Closes: 774015 774434 774435
Changes: 
 arj (3.10.22-9+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team
     with patches from Guillem Jover
   * Fix buffer overflow from size under user control.
     This is causing free() on an invalid pointer.
     Fixes: CVE-2015-2782 (Closes: #774015)
   * Fix absolute path directory traversal.
     Fixes: CVE-2015-0557 (Closes: #774435)
   * Fix symlink directory traversal.
     Fixes: CVE-2015-0556 (Closes: #774434)
Checksums-Sha1: 
 be93b4cbe462e534bc7c4ad48266eea5ab2b5e64 1955 arj_3.10.22-9+deb6u1.dsc
 e8470f480e9eee14906e5485a8898e5c24738c8b 431467 arj_3.10.22.orig.tar.gz
 266b86cd307f515f3b8142cc1bb00dd6389f8874 13165 arj_3.10.22-9+deb6u1.debian.tar.gz
 ce3648060f9a343c93e9adc6256f5bd7f702a6e0 222492 arj_3.10.22-9+deb6u1_i386.deb
Checksums-Sha256: 
 cf5ac26f9e311582cee7823aab72ba3e2af153b0215fc18098475a18501c3f77 1955 arj_3.10.22-9+deb6u1.dsc
 589e4c9bccc8669e7b6d8d6fcd64e01f6a2c21fe10aad56a83304ecc3b96a7db 431467 arj_3.10.22.orig.tar.gz
 b45594be4cb9d0710197eb09db6aefc4109496ec021e21c52b6656d2f727e30f 13165 arj_3.10.22-9+deb6u1.debian.tar.gz
 25112168cd1f3e54cd838f87488e86a3a38b5ac700a55896c1175560fb710fe9 222492 arj_3.10.22-9+deb6u1_i386.deb
Files: 
 bac9e6b24e15471d9d36c77fafb43e2b 1955 utils optional arj_3.10.22-9+deb6u1.dsc
 f263bf3cf6d42a8b7e85b4fb514336d3 431467 utils optional arj_3.10.22.orig.tar.gz
 1a9ff7b13dca415970c4aa999e8b4d79 13165 utils optional arj_3.10.22-9+deb6u1.debian.tar.gz
 8abf2c1ba2a26f50d572f91ac3abe911 222492 utils optional arj_3.10.22-9+deb6u1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJVJTvCXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHFeUP/3aHE9ZzYbbzvOZOK3/Tnccg
2wVa6w1mbKHpZ8gHPc/KICH/W4j4il1v/D2E7higv6WU82tK1HzUNocUaLEULbTH
7NRpilAotpzWvxGtAINFfuttW5ZZ1DFbSZ70wl0N4+KmaTRW6y+P1YkayAgYqVRM
or5CN3pYdIQ68YDETbp9QJnkkms4SnysshGWyNW0AWF4gXI7g1v0A8SmyLAm6HB2
DcNDKyy6jj0KuAwyZhOEoXw6H6GTwDHsr/FDeUo72fqm8MmGyHogi+zGyqx4wu87
Awv+fUON45WTp3UDTO4JkpJTY5EsZ/R5ow08Gl2ulJuVNcjPQgnsyKlryG7Qu18L
rLIg40QNTSR3z3B9wpUG59X3eOCV8wG70RVgFJBqnn4AEnOyUwC1O0/cYYjLuuk/
UTNwme3ve7v/sAf6NvPPhmEJO3Qj8JTgznDLqEAGYGn9K9nP3yXy1FQoM41waGmR
kikCwNluYTnK0QN55nWGvMQjjFMeQt5Nw+HGFBZ5rlneR7HgjtTJsznedsDO9Y4d
dD8Lvd4ynpKb5UX7aACRYAcyNmvXDUrVI0I8pltRWLYupVSzea9N5OeZN4dIAORa
VFypuV0vMc5pqQt0A+6Cr8pCIZopjOgjcs+VCC3pZWe60XvCdd+YQ9aUdL240qW3
KnoGLaGtpxF362NVn8k7
=/I3A
-----END PGP SIGNATURE-----
News for package arj
