-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 31 Mar 2016 07:08:03 +0100 Source: lhasa Binary: lhasa liblhasa-dev liblhasa0 Architecture: source amd64 Version: 0.2.0+git3fe46-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Jonathan Dowland <jmtd@debian.org> Changed-By: Jonathan Dowland <jmtd@debian.org> Description: lhasa - lzh archive decompressor liblhasa-dev - lzh decompression library - development files liblhasa0 - lzh archive decompression library Changes: lhasa (0.2.0+git3fe46-1+deb8u1) jessie-security; urgency=high . * Security update. Includes a fix for TALOS-CAN-0095: an integer underflow vulnerability in the code for doing LZH level 3 header decodes. Thanks go to Marcin Noga and Regina Wilson of Cisco TALOS for reporting this vulnerability. Checksums-Sha1: ae4e1340b6ce0e8b08a68c2130607afc32ff94a1 2075 lhasa_0.2.0+git3fe46-1+deb8u1.dsc 9d3bf996acc6d8f94c92be398a3e7f89683193ba 2012004 lhasa_0.2.0+git3fe46.orig.tar.xz c3f1895cb9a9fbc68e3d8bd57cf9902f1bf1ecaa 3832 lhasa_0.2.0+git3fe46-1+deb8u1.debian.tar.xz fac4be16066a927f80ac930ea44becaf60b03d0c 13880 lhasa_0.2.0+git3fe46-1+deb8u1_amd64.deb 732492d63ede3752e453c5f2dfcc27931e19afdd 28572 liblhasa-dev_0.2.0+git3fe46-1+deb8u1_amd64.deb 1d9cad76a11c426b9cdc43969c7a2f122ed8ea1d 22214 liblhasa0_0.2.0+git3fe46-1+deb8u1_amd64.deb Checksums-Sha256: 601d051a69b9017d9fbdaf44d81fad0d7c47fd9aeb4786426d8a12bd8fed6a85 2075 lhasa_0.2.0+git3fe46-1+deb8u1.dsc 966cc39ed9e9cbc38ec439cef70451809d05279b288a76d5276b776942274858 2012004 lhasa_0.2.0+git3fe46.orig.tar.xz ac57fb8536080af17205f8056c403430777231ebc157028d28dfb06f3e5dfa01 3832 lhasa_0.2.0+git3fe46-1+deb8u1.debian.tar.xz 56a737882af22c9acf3cc6ca94c823e86dbaa453b57ba8979403590943cec868 13880 lhasa_0.2.0+git3fe46-1+deb8u1_amd64.deb a961e10183dc17cd1501e8b206ffcb15e12614d07babd7b47ac30f9edd2d1dbf 28572 liblhasa-dev_0.2.0+git3fe46-1+deb8u1_amd64.deb 81f9d566f7d687ea5600dc5976f3f379fecb9b6cda345bd71ca094f867b7f00b 22214 liblhasa0_0.2.0+git3fe46-1+deb8u1_amd64.deb Files: 03eaffe6fae7d1a1ef7801176ae883ff 2075 utils optional lhasa_0.2.0+git3fe46-1+deb8u1.dsc 3fee136f7f591334eb0eda0679bb6057 2012004 utils optional lhasa_0.2.0+git3fe46.orig.tar.xz 300e1c9900da2b2b3c6828321e9cfdf6 3832 utils optional lhasa_0.2.0+git3fe46-1+deb8u1.debian.tar.xz d2a93d577463222422a9119a07ebcabf 13880 utils optional lhasa_0.2.0+git3fe46-1+deb8u1_amd64.deb 62a5ba4b4469ed978362a2e2d4222df2 28572 libdevel optional liblhasa-dev_0.2.0+git3fe46-1+deb8u1_amd64.deb 55a9bb75638e9124f3e6fb1c56598703 22214 libs optional liblhasa0_0.2.0+git3fe46-1+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW/PjMAAoJEAkHQJYGqqqqwAAP/0Bq19B+X3vQcQuiqv9fTGoN 5IvjKVb5ZxbLmWAWjxbbb3CU2Ghit/GmccNQDIpBrLMc7Lkcl8ffKUsBExaQgSeH PT9MJfgfrv1lnYLG9t7yD7quBd/sYbbKojItIyom1Px61JFVaYE/Y47httebWuli aefGStdJNdXY8kcXCZK3oDNs8cEK+faJQnNvd9qb3qAV/vtgvLJHoiyha9AyMhT3 4rB0Hy3WG2R7AI86FTaw29lJlVloemgWix6sda/ozL1kHIatMHt7sTSRNIfLpI0n uHHeW6SH8g+EIz164AbUMLTkTY9HmlAjjoEyHmboRogQOsaQ08Y0QzKmsfUMDUrO xG/etT1s3PMTeCiS4k+lvPL0QuMCKqlwmoCepVizfmQjV6jKWB7+27aIs9q9Vtu7 lifcnuG7ZRTeuCzta4FA6JY5+4Snvo60iYwPXncOOPfsbBOMfxzR/INdCfE54Aar 6fLN+tBftN+Uj0SBcRa7M1sRFquLR60G0rSqgkqFouMIB60PxjEqhKgeygsP73NQ PrGNRx+cPgw2rAwSl7CwPmgggnV95RuTddnla5zooQ/YS/mgfZMgdhUSgcJy+SlF jEw352QPa//IvOAvVjSpL0u9KvjVxyMFRjEmqUnCDL7EZzNbMtPs+HOjJTaNHxU8 wJP8zyQjstDnrW95K00d =yisO -----END PGP SIGNATURE-----