Format: 1.8
Date: Wed, 21 Sep 2016 03:27:21 +0100
Source: unadf
Binary: unadf
Architecture: source amd64
Version: 0.7.11a-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 unadf - Extract files from an Amiga Disk File dump (.adf)
Closes: 838248
Changes:
 unadf (0.7.11a-3+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2016-1243: Fix stack buffer overflow caused by blindly trusting on
     pathname lengths of archived files. Stack allocated buffer sysbuf was
     filled with sprintf() without any bounds checking in extracTree()
     function. (Closes: #838248)
 .
   * CVE-2016-1244: Correct execution of unsanitized input. Shell command
     used for creating directory paths was constructed by concatenating
     names of archived files to the end of the command string.
     (Closes: #838248)
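
The two bug classes named in the changelog, sketched in hardened form as an added example (not the unadf patch or Debian's code): a length-checked path build in place of an unchecked sprintf(), and mkdir(2) in place of a shell command string. `PATH_BUF`, `build_path`, `make_entry_dir` and the single-component name check are assumptions of this sketch; the sample names are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

#define PATH_BUF 256 /* assumed size; the page does not state sysbuf's size */

/* An archived name must be a single path component that stays inside dir. */
static int name_is_safe(const char *name)
{
    if (name[0] == '\0' || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return strchr(name, '/') == NULL;
}

/* Build "<dir>/<name>" in out. Returns 0, or -1 if the name is unsafe or the
 * result does not fit (snprintf reports the length it needed). */
int build_path(char *out, size_t outsz, const char *dir, const char *name)
{
    int n;

    if (!name_is_safe(name))
        return -1;
    n = snprintf(out, outsz, "%s/%s", dir, name);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Create the directory with mkdir(2): the name reaches the kernel as data
 * and is never parsed by a shell. An already existing path (EEXIST) is not
 * treated as an error. */
int make_entry_dir(const char *dir, const char *name)
{
    char path[PATH_BUF];

    if (build_path(path, sizeof path, dir, name) != 0)
        return -1;
    return (mkdir(path, 0755) == 0 || errno == EEXIST) ? 0 : -1;
}

int main(void)
{
    char path[PATH_BUF], longname[2 * PATH_BUF]; /* constructed sample names */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("long name: %d\n", build_path(path, sizeof path, "out", longname));
    printf("odd name:  %d\n", build_path(path, sizeof path, "out", "a; b $(c)"));
    printf("path:      %s\n", path);
    return 0;
}
```

An over-long name is refused instead of being truncated, so extraction never writes to a path other than the one the archive named.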