-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 24 Sep 2016 11:43:06 -0400 Source: unadf Binary: unadf Architecture: source amd64 Version: 0.7.11a-4 Distribution: unstable Urgency: high Maintainer: Debian QA Group <packages@qa.debian.org> Changed-By: Luciano Bello <luciano@debian.org> Description: unadf - Extract files from an Amiga Disk File dump (.adf) Closes: 838248 Changes: unadf (0.7.11a-4) unstable; urgency=high . * Orphan package with security issues. * Tuomas Räsänene discoveried two security issues (Closes: #838248): - CVE-2016-1243: stack buffer overflow caused by blindly trusting on pathname lengths of archived files. - CVE-2016-1244: execution of unsanitized input. * Standards-Version: 3.9.8 Checksums-Sha1: 1ca4a450211d82969428bb13925a7aac4ffb5be4 1695 unadf_0.7.11a-4.dsc 15a18d20546e0bbde7a9578987897da87ecaa9b8 17924 unadf_0.7.11a-4.debian.tar.xz 67608a6e5488bee556cdf127bda5dbce8d0dd41b 71318 unadf-dbgsym_0.7.11a-4_amd64.deb 5505b8917f7cd2c19d040bbcb76e1fefd369f8af 111052 unadf_0.7.11a-4_amd64.deb Checksums-Sha256: 925bce8be8fd58e30b24f1bdbe6b295e70fa7a1516d77f87ddadd6fe5f99f047 1695 unadf_0.7.11a-4.dsc ff8873027d330cf3f87876149bd00fe737e0e9885debdda44ce6e3d27257eca3 17924 unadf_0.7.11a-4.debian.tar.xz cbc5cca895055beddc23413363cbb4be10ff040f728f611cb377875057f92115 71318 unadf-dbgsym_0.7.11a-4_amd64.deb a28f29a4854fea1738f3f2faf1587fd4a966afdbbc04a26f9050bb40cafd85df 111052 unadf_0.7.11a-4_amd64.deb Files: 1ec6937000c5283fdbc33be85e4f6084 1695 utils optional unadf_0.7.11a-4.dsc 042fd96d51e94e880e88f3adfbb01c03 17924 utils optional unadf_0.7.11a-4.debian.tar.xz 235bb4a1c9bba4bcc7f4343567c29d6a 71318 debug extra unadf-dbgsym_0.7.11a-4_amd64.deb 451348e43e3777bd8a3ab5bd19d534ec 111052 utils optional unadf_0.7.11a-4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX5sW1AAoJEG7C3vaP/jd0iqIP/1eRKv65uXJrbhjag032SZA7 3ZYps+eco77DaqeJgkTKalE+c1F8JA4kSU0x05JpPz9uthrDyJqb2tAMlAdnoQBW B+G/mTB0xtKP3uRR4aNm0L22WrA9t3oMGVcsIcAGW/ZbER+8dE6HZIw/vcrG5qQl zxotWfSHl+8+HI5gFO367Z6547Xe1qtXaBVbAFGt/0fRGaq5Y93tiNHk7KoEWoGm oUKg4vTWAr/vdHKOwUeRcFi8jY9O/PShfK4Kb5MJMyO28yczBq2vOHQTM83bGWOk yN0EtRveIVv4d15c/8P2nzfzJ006srACIPL+d5pcmF+kaA3jTDt+vwdjZLg5kOFs 3DbCxKbWu1mxebg1nXjHj1sHCMkJophAujlj4pjT2TuMi/e0gpjemAAit67EBrwL EXxESn5z8+q+AxH1d64VeIvasxl8NZ+ReLjHuIWf8UgyGaMeoDoJ5fc19rqk7O8g 5gYxdJM29cYjx+CMIzUHDltZWMaM/j5Q51C7ZeIZmz1P3YhvBk9PS8W/kKz/I6iZ g8MFZZbyaP5wn9cfRFwsP0pqJFtXWAMpPjGaame7/g7h13aBLvbDol1QVte4BxwB sQu/7ppFEc+mqUrwfskc7lBaFqCLtkj3m2bsJykZzPlnqhrZt7/HOTk7sEM5NGd5 Ev9b075TNawbfPMdWrKL =y27H -----END PGP SIGNATURE-----
