-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 18 Sep 2016 23:11:18 -0400 Source: unadf Binary: unadf Architecture: source amd64 Version: 0.7.11a-3+deb8u1 Distribution: stable-security Urgency: high Maintainer: Debian QA Group <packages@qa.debian.org> Changed-By: Luciano Bello <luciano@debian.org> Description: unadf - Extract files from an Amiga Disk File dump (.adf) Closes: 838248 Changes: unadf (0.7.11a-3+deb8u1) stable-security; urgency=high . * Orphaned package with security issues. * Tuomas Räsäne discoveried two security issues (Closes: #838248): - CVE-2016-1243: stack buffer overflow caused by blindly trusting on pathname lengths of archived files. - CVE-2016-1244: execution of unsanitized input. Checksums-Sha1: a9833a042a8124bfdbe6c305b79b63a419258c96 1723 unadf_0.7.11a-3+deb8u1.dsc 63c05f97302ff67f5d7ff2d9e33f9a66196f9578 209458 unadf_0.7.11a.orig.tar.gz d7a189f0824ddc05cbe13dde8ba7280bc0c2ae91 19368 unadf_0.7.11a-3+deb8u1.debian.tar.xz 330193a8f503a1666a6294c0bec3c52b298c8f7e 111122 unadf_0.7.11a-3+deb8u1_amd64.deb Checksums-Sha256: cdf0531de6b73dfe4ab7f4d9a0886ae4b2565d4f5f5a48fb1db3bf0953c1319b 1723 unadf_0.7.11a-3+deb8u1.dsc fa9e0e34b1b0f4f4287905a3d485e3bba498451af98d6c12be87ab3a2b436471 209458 unadf_0.7.11a.orig.tar.gz 6aa90a89df12f712098d62213eb35c2d4195bfbea389af4936d8a74f6f6b78bc 19368 unadf_0.7.11a-3+deb8u1.debian.tar.xz a30718e98459f6c3b2d292cdf67115dba3f77c26b6e5530c1b244daec20d018d 111122 unadf_0.7.11a-3+deb8u1_amd64.deb Files: 09671a48add8e2d1998572c1f28fd258 1723 utils optional unadf_0.7.11a-3+deb8u1.dsc 63c21eeb61e1473d8dd214e0b39cb819 209458 utils optional unadf_0.7.11a.orig.tar.gz 01bc54dc8cce49609bf509dfd6182ded 19368 utils optional unadf_0.7.11a-3+deb8u1.debian.tar.xz 388dd0e716d5bb36096a1217609b38dd 111122 utils optional unadf_0.7.11a-3+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX5shEAAoJEG7C3vaP/jd0VVMQAI3I7PjzwtpBxz8iGaIYCkHq 1JwEQGcO8QsEdekVfb8aWVan2xOIBw0rfgA3HHa8l8EwA6EInAdNOBhF/TxwMo5P 5myXhOyMj5LBsgT+7V4BRaoH9wM4TEP/K6EW5hpd1RHiZWdUni2B0zijelz8pzcf VtwiVIZCkdblWIjqnxeeU1rQNvUBXkVU1/EDOZlg/ePzySQSXFDFT5JVkbbPGAVW EMIJC6j5GeN06bFi6fN7wZlK3kVTzmrgBNQZitMHuMC9Cjdah5RzPmh/vyU6Za+v alzvkLDNdn6R4J2sgtf3Eg5ol6FNjGKZDIbd5PfI/q3KWj1R+wWA/01DRur3yP+Y c+cQi+4SpXlXOYYSnOC2x9qJvAt47T5lXfaPXQ2q00wPckch3nUegxn0qCUExS+U Bnx+6fngdqVdCQGmJjo4qEcDQEdhUFEYURis0E3VLQP8afk+slu8xaFeWAS2APMg umYCLRhmqENh4UvbXDeyaluqG/P2/yAqpFb4/sGJZZIPsM1reaIltSMc0S6eSpSl kTkQmk1eyP46ixbgCKF5rHvu9vL316Q6twBNRlG4SYj14O/HJM0filbNJN9MJvfN 3AeKqG6JQ6ytQcpP1z0GUP+ZRvA6TZIXUmXrjG8FKmZzie8xtt0FHPEuGLEcwPN6 Q9jQBp5ThZ5Bb4bOsWbp =Mc7h -----END PGP SIGNATURE-----