-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 06 Nov 2017 17:35:51 +0100 Source: bchunk Binary: bchunk Architecture: source Version: 1.2.0-12.1 Distribution: unstable Urgency: high Maintainer: Praveen Arimbrathodiyil <pravi.a@gmail.com> Changed-By: Markus Koschany <apo@debian.org> Description: bchunk - CD image format conversion from bin/cue to iso/cdr Changes: bchunk (1.2.0-12.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2017-15953, CVE-2017-15954 and CVE-2017-15955. bchunk was vulnerable to a heap-based buffer overflow with an resultant invalid free when processing a malformed CUE (.cue) file that may lead to the execution of arbitrary code or a application crash. Checksums-Sha1: 249a0ca4dbd730a657ffd1df457633511c252f8f 1972 bchunk_1.2.0-12.1.dsc 55a9267538f86877fd32ca374aad063cecacb240 5428 bchunk_1.2.0-12.1.debian.tar.xz 542f6756eeda9b182b7595e31e5a4d9517f79182 5518 bchunk_1.2.0-12.1_amd64.buildinfo Checksums-Sha256: 5433b33b5c5c9326ad0e14c3d63728a14ab454ba6f1d7f7009a925fbf755880d 1972 bchunk_1.2.0-12.1.dsc 8c7b530e37f0ebcce673c74962214da02aff7bb1ecc96a4dd359e6115f5c0f57 5428 bchunk_1.2.0-12.1.debian.tar.xz 083a79240df7f5a0cade603b62bfa1216f09aee0d7d771a77f490ab75da36339 5518 bchunk_1.2.0-12.1_amd64.buildinfo Files: 2eddd7ad4a2b44715dd391f6613a370d 1972 otherosfs optional bchunk_1.2.0-12.1.dsc 2d4452cb883741e37178f25f82d5dc01 5428 otherosfs optional bchunk_1.2.0-12.1.debian.tar.xz 2d0f9030f6ff4818a671ba76b8e61cff 5518 otherosfs optional bchunk_1.2.0-12.1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAloAkFtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk0V0P/iXZOhk3FLOfxvnO4BknXqqvk9EVITJiSeiN G9oS9ZCmb4NS090LJD42HOaKt51sqAkv/Eu1UM7R4FSyErDfijOU+IM+jBQsoJxn qfDNHur+JR2Ib13MjWBJfFETmGY6KXQ5t4ngA5XeFzQ5/l7E1fCy9JBnkom/Xb// gkWD0eYZBOkemlnyr4KBjG+pfcc2XuLlA6GMrrNOJzpRo8ur3uqhvExckF3Zsq6g IzO3P19N0I8HvqR5yGY7ibl2MK8qfdALx52SQV8ywPHr8AfpQIxaT3iFUpRI80mn T4G8b0C6Mq2FvZ3MjmHqYyauyiX8UIaS1b2fNNzk5OEbBABzRRLJXlD7gtAPZsMf X0wlN4pGevv3Ls7HDj65rFJCWFGYJ0Y5Y3RNERCWdqKdxOKb2K4/s7jFw+THuyc8 PW2FgpS9vN3ohKiaFp5bDvxXjHt7uCZX92byOxKcpJ8JcgnffBXSoXpYabu1b+qM LOx0KJV+rFvm9xEwPUnlNnrIDPSPR63j6Yx35hi5/o7X3qoxSUjbN1n7VTvhTMt1 kFaq7bKiaSHVPKOJcyu7bAcQUDnWXafyVX4lALhlH+j6VXDyqUHCyt7yj2MlZPnx oZX1XP/ty4Xx8SiL940Pnu53NSSJ4NM6F8KtgZeoqoCawNgnIbdUAsUyayLdPf3S 7+va1mM3 =yMeY -----END PGP SIGNATURE-----
