-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Oct 2016 07:34:37 +0300 Source: bsdiff Binary: bsdiff Architecture: source amd64 Version: 4.3-17 Distribution: unstable Urgency: medium Maintainer: Jari Aalto <jari.aalto@cante.net> Changed-By: Jari Aalto <jari.aalto@cante.net> Description: bsdiff - generate/apply a patch between two binary files Changes: bsdiff (4.3-17) unstable; urgency=medium . * debian/patches - (20): New. Closes: CVE-2014-9862 Description: No check for negative values on the number of bytes to read from the "diff" and "extra" streams, allowing an attacker controlling the patch file to write at arbitrary locations in the heap. https://security-tracker.debian.org/tracker/CVE-2014-9862 Checksums-Sha1: 6a329062b0f941b93e9656113ee448b30b34328e 1792 bsdiff_4.3-17.dsc 7539a764ce0e26a22002f590e9017ea1d1a12328 6268 bsdiff_4.3-17.debian.tar.xz cfce6a4c39c33e2b302bea1ae07dac1e09ac64db 14054 bsdiff-dbgsym_4.3-17_amd64.deb ecb908377cb25114c838dfeaae82bcf30ba070d7 14948 bsdiff_4.3-17_amd64.deb Checksums-Sha256: 57f66c86656ffcb54d37308dcc7041049032a6b86017878b7d27322ab29d8d61 1792 bsdiff_4.3-17.dsc 73a223bb4bdfcf78ceab2609786f6638facddf0db46729679fc700916c0246ac 6268 bsdiff_4.3-17.debian.tar.xz eb81fc19522ec92f0668f2fc437d18f57ec972b954f52ff48895ee6131fc7a55 14054 bsdiff-dbgsym_4.3-17_amd64.deb 79d072690aec85fb6737bfedb116768eba8dc8f88b72fb8da18b21a588e3e984 14948 bsdiff_4.3-17_amd64.deb Files: 698124a52ed8e4a8f123d08d4236d824 1792 utils optional bsdiff_4.3-17.dsc 4d41d379bb0111036cb901f1d1fb7362 6268 utils optional bsdiff_4.3-17.debian.tar.xz bafdab5f2feb5f253a0928b6552bf4bb 14054 debug extra bsdiff-dbgsym_4.3-17_amd64.deb e8a8e6fba9ba6a1e488ff12bea9f902a 14948 utils optional bsdiff_4.3-17_amd64.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYFiwjAAoJECHSBYmXSz6W3moP/iC5PRO5d/Ehq5TYoKAcbnvr arcY/p+AqsFfbbCIz+ra3766U/aIYUnlkc71R/MID7EeQnW+FmjdnNluUpbPY0Gz fjpq50VXg+TjujLWWDcwb6EtUp4VTdNx48fRopVxfCucTJn3yAKPlwM8qHqGuXxe 4aEuU8Jzx0FYrPKDeIbsiR0dF4KhiXpozMHaxnz5+/wJmvg08Vu/awR/QV6XbCj3 RhxBC+3V76LlD8HX+bZHMJlzW/Ru8M/5GNUq3a3V0aDvUtHir1Ezc0BWC+Ir9+HN fSBgLDw0PvN4ayrExpN7RAEY5Lxvp3zZuzNNYREdApkToeewRT2UQ9xeZ+F5HKaW V2kyBux5JqApVohMrK/RBNDZ53ynoD0T9Tdq5VnJsB1cdqnz7w5ZGJIL4TJV684n lEiMT1Ti+Nbi6veR72mSiks9jEMQtlGBhvqVm3W7dAuV1xI4D8XwRr3CNmpibWTT VZLL76/QAzYSuquhL3LrvNvVEAh9SKZeQHLTb8rsRXzOpDxzDKpYXgBzp0nX2Cxt Rp5mxOWk/5xKn/QBvO/InNPy1kaNUZ3LwmzD7IOu3BSaOVOfPDQp5ZUuaE8/4CGJ Q5rPnjmoBw2fDW39WFsZbOrULEH/7UtqYLs1ScdkFFwOZOvOyllJ5coaJde4ep38 eykEZzmZY3oGDm8VWFXU =45kw -----END PGP SIGNATURE-----