-
Committer:
Package Import Robot
-
Author(s):
Tyler Hicks
-
Date:
2015-06-22 14:34:29 UTC
-
Revision ID:
package-import@ubuntu.com-20150622143429-p6yn5nul8c1yjldm
Tags: 2.7.1-5ubuntu0.3
* SECURITY UPDATE: Denial of service via crafted patch
- debian/patches/CVE-2014-9637.patch: Detect and exit upon memory
allocation failures
- CVE-2014-9637
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point
outside of the current directory
- CVE-2015-1196
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1395.patch: Check the validity of both filenames
during a rename or copy
- CVE-2015-1395
* SECURITY UPDATE: Directory traversal via crafted patch
- debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point
outside of the current directory. This patch corrects the incomplete fix
for CVE-2015-1196.
- CVE-2015-1396
* debian/rules: Fix FTBFS caused by ed check. Based on Debian change
suggested by Simon McVittie.
* debian/control: Add automake1.11 as a build-depends since some of the
patches adjust Makefile.am files