Ubuntu
cracklib2 package

Sync cracklib2 2.9.2-3 (main) from Debian unstable (main)

Bug #1617155 reported by Jeremy Bícha
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cracklib2 (Debian)
Fix Released
Unknown
cracklib2 (Ubuntu)
Fix Released
Wishlist
Unassigned
Xenial
New
Undecided
Unassigned

Bug Description

Please sync cracklib2 2.9.2-3 (main) from Debian unstable (main)

Changelog entries since current yakkety version 2.9.2-1build2:

cracklib2 (2.9.2-3) unstable; urgency=medium

  * Fix "Buffer overflow processing long words" by applying patch from
    https://build.opensuse.org/package/view_file/Base:System/cracklib/
    0004-overflow-processing-long-words.patch (Closes: #835386)
  * remove obsolete debian/pycompat
  * change Vcs-* fields to https variants
  * Bump Standards-Version to 3.9.8 (no changes)
  * Fix "FTCBFS: invokes host-arch executable cracklib-packer" by applying
    Helmut Grohne's patch to fix cross compilation (Closes: #792860)

 -- Jan Dittberner <email address hidden> Thu, 25 Aug 2016 17:29:17 +0200

cracklib2 (2.9.2-2) unstable; urgency=medium

  * Fix "CVE-2016-6318: Stack-based buffer overflow when parsing large
    GECOS field" by applying patch by Salvatore Bonaccorso (Closes: #834502)

 -- Jan Dittberner <email address hidden> Tue, 23 Aug 2016 18:50:44 +0200

CVE References

Jeremy Bícha (jbicha)
Changed in cracklib2 (Ubuntu):
importance: Undecided → Wishlist
information type: Public → Public Security
Bug Watch Updater (bug-watch-updater)
Changed in cracklib2 (Debian):
status: Unknown → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

This bug was fixed in the package cracklib2 - 2.9.2-3
Sponsored for Jeremy Bicha (jbicha)

---------------
cracklib2 (2.9.2-3) unstable; urgency=medium

  * Fix "Buffer overflow processing long words" by applying patch from
    https://build.opensuse.org/package/view_file/Base:System/cracklib/
    0004-overflow-processing-long-words.patch (Closes: #835386)
  * remove obsolete debian/pycompat
  * change Vcs-* fields to https variants
  * Bump Standards-Version to 3.9.8 (no changes)
  * Fix "FTCBFS: invokes host-arch executable cracklib-packer" by applying
    Helmut Grohne's patch to fix cross compilation (Closes: #792860)

 -- Jan Dittberner <email address hidden> Thu, 25 Aug 2016 17:29:17 +0200

cracklib2 (2.9.2-2) unstable; urgency=medium

  * Fix "CVE-2016-6318: Stack-based buffer overflow when parsing large
    GECOS field" by applying patch by Salvatore Bonaccorso (Closes: #834502)

 -- Jan Dittberner <email address hidden> Tue, 23 Aug 2016 18:50:44 +0200

Changed in cracklib2 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.