-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 03 Nov 2016 11:22:12 +0000 Source: bsdiff Binary: bsdiff Architecture: source amd64 Version: 4.3-14+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Jari Aalto <jari.aalto@cante.net> Changed-By: Chris Lamb <lamby@debian.org> Description: bsdiff - generate/apply a patch between two binary files Changes: bsdiff (4.3-14+deb7u1) wheezy-security; urgency=high . * CVE-2014-9862: Check for negative values on the number of bytes to read from the "diff" and "extra" streams, preventing an attacker controlling the patch file to write at arbitrary locations in the heap. Checksums-Sha1: 0de0abd80daf0e4ad776e28ad9af4c5873482f1a 1798 bsdiff_4.3-14+deb7u1.dsc 0c0a89d604fc55ef2b5e69cd18372b2972edd8b8 5740 bsdiff_4.3.orig.tar.gz fa14924c44b12d176d0fa33dc0bf460993a8333f 5874 bsdiff_4.3-14+deb7u1.debian.tar.gz 986a1184cfc405dcf685645e03dd723f3be3186e 16512 bsdiff_4.3-14+deb7u1_amd64.deb Checksums-Sha256: db1dc361dbe19270ed3931d5712ac05c2b0ac0a98feffead618411c89b28d01d 1798 bsdiff_4.3-14+deb7u1.dsc 18821588b2dc5bf159aa37d3bcb7b885d85ffd1e19f23a0c57a58723fea85f48 5740 bsdiff_4.3.orig.tar.gz a627029de9abf0d7d0ccc21ed1f4bbec5c67540c0a508e4a65dbd65e2077cb7a 5874 bsdiff_4.3-14+deb7u1.debian.tar.gz 2a89e16753913313d970ffc32a4bd922fe7cba56ea16d6c595844f33beb84066 16512 bsdiff_4.3-14+deb7u1_amd64.deb Files: 1055ca4ed580b8d08015d68f9b5151d8 1798 utils optional bsdiff_4.3-14+deb7u1.dsc e6d812394f0e0ecc8d5df255aa1db22a 5740 utils optional bsdiff_4.3.orig.tar.gz 6686070dee80dd3d0cb97ddd190e3166 5874 utils optional bsdiff_4.3-14+deb7u1.debian.tar.gz 06283491ce9ac5847b2572d2bc90d4ed 16512 utils optional bsdiff_4.3-14+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYGyEZAAoJEB6VPifUMR5Y9WYP/irDfQVlY+Txe7nyjKhu/kVa m99lvoJMIUSnaJkEfCrO7MGESoDIcx4px1wJf/hrpySZJ6Q5v3gIK+vPvIXiFX8n rltbra5T21aF5b4tqRXZyXPkmt/W4BwR+3uPLvNPljPCng8fkbcPxCYZQIEEZqLK CAldX9d2ecSDeCmxt4f5FkO+Usj3LjtRyEZL0EJQTDWcOc4Wqko5GuZiTCnCGCi1 9oqiCt9bgvT7jYtS8zArJR2oBD/LjBXbx5br4yqMZA0tdyl5ZitYsGbfuwvyPp/g N0gcMRrEXFB9T/vzrJMj6IyQBl2d9UzyUB+fVvaeEboJySERCrBLyu0Tadji20Iz 5rTdG0RCN3rq6oSlSNebOB6r9hkyxGoiLGvjt3ODAiVdvRCM2wK30FOLQsvcv7t5 Bbl9xoYv2ZTLAwj7F1+uQ8v2qJirPIB42gy0TB1f5n9CLeGWYSf/ZiiLeO1gqBN1 Dnben5ZCKF16RW92ZXSfSdpkel4VyPIjDC9m/XS/CMJsJ2AylWJ2QKLKEHvt5kce l8ixyGrn6E72HivqjvDfOyVr1/F6CB/ckrFhkphIOlrlew84kyCRhptabCTdXS9/ z4SjkSew15/AxLwYg2jQMZIpyRWZH2rnqz8DFICJwwOvUEUvbq5DAQYydT8D8HVU 9K2pg96SHzatE0+7egpW =zOAc -----END PGP SIGNATURE-----