Accepted gzip 1.3.5-10sarge2 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 10 Sep 2006 21:01:47 +0000
Source: gzip
Binary: gzip
Architecture: source i386
Version: 1.3.5-10sarge2
Distribution: stable-security
Urgency: high
Maintainer: Bdale Garbee <bdale@gag.com>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
gzip - The GNU compression utility
Changes:
gzip (1.3.5-10sarge2) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team:
* Fix several security problems discovered by Tavis Ormandy of Google:
- DoS through null pointer deference in the Huffman code (CVE-2006-4334)
- Out-of-bands stack write in LZH decompression code (CVE-2006-4335)
- Buffer overflow in pack code (CVE-2006-4336)
- Buffer overflow in LZH code (CVE-2006-4337)
- DoS through an infinite loop in LZH code (CVE-2006-4337)
(Patch by Thomas Biege of SuSe)
Files:
b4ef2a9e595a17f8596fdefb1f4b9bf6 566 base required gzip_1.3.5-10sarge2.dsc
3d6c191dfd2bf307014b421c12dc8469 331550 base required gzip_1.3.5.orig.tar.gz
cd1bec47a01d72c800f3bac85dfcc5f3 60478 base required gzip_1.3.5-10sarge2.diff.gz
8267f1f753b0a2b380d149280b6e44bb 71164 base required gzip_1.3.5-10sarge2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFFDHz1Xm3vHE4uyloRAqdhAJ0cht/H/pzFWtqcF56FNmPOIdXUlgCg1TTf
Y3Ydrv9+dAYWzP3In+89C6U=
=EFds
-----END PGP SIGNATURE-----
Accepted:
gzip_1.3.5-10sarge2.diff.gz
to pool/main/g/gzip/gzip_1.3.5-10sarge2.diff.gz
gzip_1.3.5-10sarge2.dsc
to pool/main/g/gzip/gzip_1.3.5-10sarge2.dsc
gzip_1.3.5-10sarge2_i386.deb
to pool/main/g/gzip/gzip_1.3.5-10sarge2_i386.deb
Reply to: