2009-09-21 12:01:46 |
Benjamin Drung |
description |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/changetrack
status new
importance wishlist
subscribe ubuntu-universe-sponsors
Please sync changetrack 4.5-2 (universe) from Debian unstable (main).
Please sync the package from debian as it fixes a potential CVE bug.
Changelog since current karmic version 4.5-1:
changetrack (4.5-2) unstable; urgency=low
* [reject-weird-filenames.diff] Fix possible local exploit by rejecting
filenames with unsafe characters (cf. CVE-2009-3233). Thanks to Marek
Grzybowski and Andrzej Lemieszek.
(Closes: #546791)
-- Jens Peter Secher <jps@debian.org> Thu, 17 Sep 2009 22:32:43 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKtOPLL+KnYRaooWIRAqZ2AJ43IgtvJSdNCYJ9q8S1+WaDZSwDAACeOvDm
783aMwBIxn9SZ+2LyIGfwZg=
=FizW
-----END PGP SIGNATURE----- |
Please sync changetrack 4.5-3 (universe) from Debian unstable (main).
Please sync the package from debian as it fixes a potential CVE bug.
Changelog since current karmic version 4.5-1:
changetrack (4.5-3) unstable; urgency=medium
* [reject-weird-filenames.diff] Also reject filenames with exclamation
marks, avoid spaces in auxiliary files, and quote filenames whereever
possible. Urgency due to security implications.
-- Jens Peter Secher <jps@debian.org> Sun, 20 Sep 2009 15:01:44 +0200
changetrack (4.5-2) unstable; urgency=low
* [reject-weird-filenames.diff] Fix possible local exploit by rejecting
filenames with unsafe characters (cf. CVE-2009-3233). Thanks to Marek
Grzybowski and Andrzej Lemieszek.
(Closes: #546791)
-- Jens Peter Secher <jps@debian.org> Thu, 17 Sep 2009 22:32:43 +0200
|
|