← Back to branch summary

~ubuntu-branches/ubuntu/jaunty/fastjar/jaunty-security

« back to all changes in this revision

Viewing changes to debian/changelog

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2010-06-18 08:35:33 UTC
  • Revision ID: james.westby@ubuntu.com-20100618083533-wyqxn4dqteh2t6es
Tags: 2:0.97-3ubuntu0.1
https://launchpad.net/bugs/540575
* SECURITY UPDATE: directory traversal vulnerabilities (LP: #540575)
  - jartool.c (extract_jar): Fix up checks for traversal to parent
    directories, disallow absolute paths, make the code slightly more
    efficient. (patch from trunk)
  - CVE-2010-0831
* Additional patches from the trunk:
  - jartool.c (read_entries): Properly zero-terminate filename.
  - jartool.c (add_file_to_jar): Fix write return value check.

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/changelog
 
1
fastjar (2:0.97-3ubuntu0.1) jaunty-security; urgency=low
 
2
 
 
3
  * SECURITY UPDATE: directory traversal vulnerabilities (LP: #540575)
 
4
    - jartool.c (extract_jar): Fix up checks for traversal to parent
 
5
      directories, disallow absolute paths, make the code slightly more
 
6
      efficient. (patch from trunk)
 
7
    - CVE-2010-0831
 
8
  * Additional patches from the trunk:
 
9
    - jartool.c (read_entries): Properly zero-terminate filename.
 
10
    - jartool.c (add_file_to_jar): Fix write return value check.
 
11
 
 
12
 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 18 Jun 2010 08:35:33 -0400
 
13
 
1
14
fastjar (2:0.97-3) unstable; urgency=low
2
15
 
3
16
  * Fix segfault in jartool.c (Arthur Loiret).