-
Committer:
Package Import Robot
-
Author(s):
Davide Puricelli (evo)
-
Date:
2013-07-15 11:23:44 UTC
-
mfrom:
(1.1.12)
-
Revision ID:
package-import@ubuntu.com-20130715112344-r07iyxwn6995f297
Tags: 4.8.0.3-1
* New upstream version, including upstream fixes for:
- CVE-2012-6122 Use POSIX() poll on systems where available.
- CVE-2012-6123 Added checks for embedded '\0' characters.
- CVE-2012-6124 On 64-bit machines the "random" procedure no longer
truncates result values.
- CVE-2012-6125 Improved hash table collision resistance.
* Added fix-untrusted-code.patch to prevent execution of untrusted code,
see CVE-2013-1874, patch provided by upstream.
* Added fix-command-injection.patch to fix a command injection
vulnerability, see CVE-2013-2024, patch provided by upstream.