
Accepted advancecomp 1.19-1+deb8u1 (source amd64) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 02 Mar 2019 21:00:50 +0100
Source: advancecomp
Binary: advancecomp
Architecture: source amd64
Version: 1.19-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Piotr Ożarowski <piotr@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 advancecomp - collection of recompression utilities
Changes:
 advancecomp (1.19-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-1056:
     Joonun Jang discovered that the advzip tool in advancecomp, a collection of
     recompression utilities, was prone to a heap-based buffer overflow. This
     might allow an attacker to cause a denial-of-service (application crash) or
     other unspecified impact via a crafted file.
   * The png_compress function in pngex.cc in advpng has an integer overflow
     upon encountering an invalid PNG size, which results in another heap-based
     buffer overflow.
   * Backport two upstream commits to address more buffer overflows.
Checksums-Sha1:
 73bb2c116475020954ce86e8614f0e83e7a45851 1949 advancecomp_1.19-1+deb8u1.dsc
 894c2db01c9fff40257f929496621bdcea77748b 1193228 advancecomp_1.19.orig.tar.gz
 078feb34f7683f1c2d01c0dbeee1239ff7d4056d 5072 advancecomp_1.19-1+deb8u1.debian.tar.xz
 82b2c84937f7f56473342b10681a9744078b463e 162492 advancecomp_1.19-1+deb8u1_amd64.deb
Checksums-Sha256:
 8e50bfdab39a3c9c8ee968ac51d63017fddbdacfc64845daf16203aa20d43889 1949 advancecomp_1.19-1+deb8u1.dsc
 d594c50c3da356aa961f75b00e958a4ed1e142c6530b42926092e46419af3047 1193228 advancecomp_1.19.orig.tar.gz
 fe89252f7e38842b8e6a8e444254353251f100874a12f41c37e26d0c28b754f1 5072 advancecomp_1.19-1+deb8u1.debian.tar.xz
 977c3ef04883507f238b5ee264c643fbf852c37a860ce3b9e6ceed9ea3647a2c 162492 advancecomp_1.19-1+deb8u1_amd64.deb
Files:
 a2c4a32f1bcc10857803b7ec2d2c52ce 1949 utils optional advancecomp_1.19-1+deb8u1.dsc
 371548ce4cc38cb452c20414cbd8c4fe 1193228 utils optional advancecomp_1.19.orig.tar.gz
 1e8bb01c660ec0aaef372065a3ef3073 5072 utils optional advancecomp_1.19-1+deb8u1.debian.tar.xz
 74eb531dae1ab1305c941ede27e6c1ff 162492 utils optional advancecomp_1.19-1+deb8u1_amd64.deb


