Acknowledgement sent
to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Debian QA Group <packages@qa.debian.org>.
(Mon, 19 Sep 2016 02:45:06 GMT) (full text, mbox, link).
Severity set to 'grave' from 'important'
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 19 Sep 2016 04:36:03 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Mon, 19 Sep 2016 04:45:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>: Bug#838248; Package src:unadf.
(Mon, 19 Sep 2016 19:42:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Tuomas Räsänen <tuomasjjrasanen@tjjr.fi>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>.
(Mon, 19 Sep 2016 19:42:04 GMT) (full text, mbox, link).
Subject: unadf: details of CVE-2016-1243 and CVE-2016-1244
Date: Mon, 19 Sep 2016 22:39:37 +0300
Hi,
Here's details of these vulnerabilities for the curious:
CVE-2016-1243
=============
void extractTree(struct Volume *vol, struct List* tree, char *path, unsigned char *extbuf,
BOOL pflag, BOOL qflag)
{
struct Entry* entry;
char *buf;
char sysbuf[200];
while(tree) {
entry = (struct Entry*)tree->content;
if (entry->type==ST_DIR) {
buf = NULL;
if (strlen(path)>0) {
buf=(char*)malloc(strlen(path)+1+strlen(entry->name)+1);
if (!buf) return;
sprintf(buf,"%s%c%s",path,DIRSEP,entry->name);
sprintf(sysbuf,"%s %s",MKDIR,buf);
Here, sysbuf can be caused to overflow for example by giving an .adf
archive which has a file with very long name and/or path.
CVE-2016-1244
=============
When unadf extracts .adf file, it creates directory paths by executing
mkdir via system(), but does not sanitize pathname strings in any
way. If the user can be tricked to extract specially crafted .adf
file, the attacker can execute arbitrary code with privileges of the
user.
As a proof of concept, I have crafted a file which executes 'ls' when
unpacked by vulnerable unadf: http://tmp.tjjr.fi/boom.adf
Action log:
$ unadf boom.adf
unADF v1.0 : a unzip like for .ADF files, powered by ADFlib (v0.7.11a - January 20th, 2007)
Device : Floppy DD. Cylinders = 80, Heads = 2, Sectors = 11. Volumes = 1
Volume : Floppy 880 KBytes, "Work" between sectors [0-1759]. OFS . Filled at 0.3%.
x - somedir;ls/
adflib.dsw AUTHORS.txt boom.adf CHANGES.txt debian Docs dynunadf.dsp FilesToInstall Lib README.txt somedir staticunadf.dsp
adfwrapper.h Bin Boot COPYING.txt Demo dynlib.dsp Faq gen_spec.sh Makefile snip.c staticlib.dsp
--
Tuomas
Reply sent
to Luciano Bello <luciano@debian.org>:
You have taken responsibility.
(Sat, 24 Sep 2016 20:15:06 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer.
(Sat, 24 Sep 2016 20:15:06 GMT) (full text, mbox, link).
Source: unadf
Source-Version: 0.7.11a-4
We believe that the bug you reported is fixed in the latest version of
unadf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 838248@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated unadf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 24 Sep 2016 11:43:06 -0400
Source: unadf
Binary: unadf
Architecture: source amd64
Version: 0.7.11a-4
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description:
unadf - Extract files from an Amiga Disk File dump (.adf)
Closes: 838248
Changes:
unadf (0.7.11a-4) unstable; urgency=high
.
* Orphan package with security issues.
* Tuomas Räsänene discoveried two security issues (Closes: #838248):
- CVE-2016-1243: stack buffer overflow caused by blindly trusting on
pathname lengths of archived files.
- CVE-2016-1244: execution of unsanitized input.
* Standards-Version: 3.9.8
Checksums-Sha1:
1ca4a450211d82969428bb13925a7aac4ffb5be4 1695 unadf_0.7.11a-4.dsc
15a18d20546e0bbde7a9578987897da87ecaa9b8 17924 unadf_0.7.11a-4.debian.tar.xz
67608a6e5488bee556cdf127bda5dbce8d0dd41b 71318 unadf-dbgsym_0.7.11a-4_amd64.deb
5505b8917f7cd2c19d040bbcb76e1fefd369f8af 111052 unadf_0.7.11a-4_amd64.deb
Checksums-Sha256:
925bce8be8fd58e30b24f1bdbe6b295e70fa7a1516d77f87ddadd6fe5f99f047 1695 unadf_0.7.11a-4.dsc
ff8873027d330cf3f87876149bd00fe737e0e9885debdda44ce6e3d27257eca3 17924 unadf_0.7.11a-4.debian.tar.xz
cbc5cca895055beddc23413363cbb4be10ff040f728f611cb377875057f92115 71318 unadf-dbgsym_0.7.11a-4_amd64.deb
a28f29a4854fea1738f3f2faf1587fd4a966afdbbc04a26f9050bb40cafd85df 111052 unadf_0.7.11a-4_amd64.deb
Files:
1ec6937000c5283fdbc33be85e4f6084 1695 utils optional unadf_0.7.11a-4.dsc
042fd96d51e94e880e88f3adfbb01c03 17924 utils optional unadf_0.7.11a-4.debian.tar.xz
235bb4a1c9bba4bcc7f4343567c29d6a 71318 debug extra unadf-dbgsym_0.7.11a-4_amd64.deb
451348e43e3777bd8a3ab5bd19d534ec 111052 utils optional unadf_0.7.11a-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJX5sW1AAoJEG7C3vaP/jd0iqIP/1eRKv65uXJrbhjag032SZA7
3ZYps+eco77DaqeJgkTKalE+c1F8JA4kSU0x05JpPz9uthrDyJqb2tAMlAdnoQBW
B+G/mTB0xtKP3uRR4aNm0L22WrA9t3oMGVcsIcAGW/ZbER+8dE6HZIw/vcrG5qQl
zxotWfSHl+8+HI5gFO367Z6547Xe1qtXaBVbAFGt/0fRGaq5Y93tiNHk7KoEWoGm
oUKg4vTWAr/vdHKOwUeRcFi8jY9O/PShfK4Kb5MJMyO28yczBq2vOHQTM83bGWOk
yN0EtRveIVv4d15c/8P2nzfzJ006srACIPL+d5pcmF+kaA3jTDt+vwdjZLg5kOFs
3DbCxKbWu1mxebg1nXjHj1sHCMkJophAujlj4pjT2TuMi/e0gpjemAAit67EBrwL
EXxESn5z8+q+AxH1d64VeIvasxl8NZ+ReLjHuIWf8UgyGaMeoDoJ5fc19rqk7O8g
5gYxdJM29cYjx+CMIzUHDltZWMaM/j5Q51C7ZeIZmz1P3YhvBk9PS8W/kKz/I6iZ
g8MFZZbyaP5wn9cfRFwsP0pqJFtXWAMpPjGaame7/g7h13aBLvbDol1QVte4BxwB
sQu/7ppFEc+mqUrwfskc7lBaFqCLtkj3m2bsJykZzPlnqhrZt7/HOTk7sEM5NGd5
Ev9b075TNawbfPMdWrKL
=y27H
-----END PGP SIGNATURE-----
Reply sent
to Luciano Bello <luciano@debian.org>:
You have taken responsibility.
(Mon, 03 Oct 2016 22:06:10 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer.
(Mon, 03 Oct 2016 22:06:10 GMT) (full text, mbox, link).
Subject: Bug#838248: fixed in unadf 0.7.11a-3+deb8u1
Date: Mon, 03 Oct 2016 22:03:46 +0000
Source: unadf
Source-Version: 0.7.11a-3+deb8u1
We believe that the bug you reported is fixed in the latest version of
unadf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 838248@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated unadf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 18 Sep 2016 23:11:18 -0400
Source: unadf
Binary: unadf
Architecture: source amd64
Version: 0.7.11a-3+deb8u1
Distribution: stable-security
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description:
unadf - Extract files from an Amiga Disk File dump (.adf)
Closes: 838248
Changes:
unadf (0.7.11a-3+deb8u1) stable-security; urgency=high
.
* Orphaned package with security issues.
* Tuomas Räsäne discoveried two security issues (Closes: #838248):
- CVE-2016-1243: stack buffer overflow caused by blindly trusting on
pathname lengths of archived files.
- CVE-2016-1244: execution of unsanitized input.
Checksums-Sha1:
a9833a042a8124bfdbe6c305b79b63a419258c96 1723 unadf_0.7.11a-3+deb8u1.dsc
63c05f97302ff67f5d7ff2d9e33f9a66196f9578 209458 unadf_0.7.11a.orig.tar.gz
d7a189f0824ddc05cbe13dde8ba7280bc0c2ae91 19368 unadf_0.7.11a-3+deb8u1.debian.tar.xz
330193a8f503a1666a6294c0bec3c52b298c8f7e 111122 unadf_0.7.11a-3+deb8u1_amd64.deb
Checksums-Sha256:
cdf0531de6b73dfe4ab7f4d9a0886ae4b2565d4f5f5a48fb1db3bf0953c1319b 1723 unadf_0.7.11a-3+deb8u1.dsc
fa9e0e34b1b0f4f4287905a3d485e3bba498451af98d6c12be87ab3a2b436471 209458 unadf_0.7.11a.orig.tar.gz
6aa90a89df12f712098d62213eb35c2d4195bfbea389af4936d8a74f6f6b78bc 19368 unadf_0.7.11a-3+deb8u1.debian.tar.xz
a30718e98459f6c3b2d292cdf67115dba3f77c26b6e5530c1b244daec20d018d 111122 unadf_0.7.11a-3+deb8u1_amd64.deb
Files:
09671a48add8e2d1998572c1f28fd258 1723 utils optional unadf_0.7.11a-3+deb8u1.dsc
63c21eeb61e1473d8dd214e0b39cb819 209458 utils optional unadf_0.7.11a.orig.tar.gz
01bc54dc8cce49609bf509dfd6182ded 19368 utils optional unadf_0.7.11a-3+deb8u1.debian.tar.xz
388dd0e716d5bb36096a1217609b38dd 111122 utils optional unadf_0.7.11a-3+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJX5shEAAoJEG7C3vaP/jd0VVMQAI3I7PjzwtpBxz8iGaIYCkHq
1JwEQGcO8QsEdekVfb8aWVan2xOIBw0rfgA3HHa8l8EwA6EInAdNOBhF/TxwMo5P
5myXhOyMj5LBsgT+7V4BRaoH9wM4TEP/K6EW5hpd1RHiZWdUni2B0zijelz8pzcf
VtwiVIZCkdblWIjqnxeeU1rQNvUBXkVU1/EDOZlg/ePzySQSXFDFT5JVkbbPGAVW
EMIJC6j5GeN06bFi6fN7wZlK3kVTzmrgBNQZitMHuMC9Cjdah5RzPmh/vyU6Za+v
alzvkLDNdn6R4J2sgtf3Eg5ol6FNjGKZDIbd5PfI/q3KWj1R+wWA/01DRur3yP+Y
c+cQi+4SpXlXOYYSnOC2x9qJvAt47T5lXfaPXQ2q00wPckch3nUegxn0qCUExS+U
Bnx+6fngdqVdCQGmJjo4qEcDQEdhUFEYURis0E3VLQP8afk+slu8xaFeWAS2APMg
umYCLRhmqENh4UvbXDeyaluqG/P2/yAqpFb4/sGJZZIPsM1reaIltSMc0S6eSpSl
kTkQmk1eyP46ixbgCKF5rHvu9vL316Q6twBNRlG4SYj14O/HJM0filbNJN9MJvfN
3AeKqG6JQ6ytQcpP1z0GUP+ZRvA6TZIXUmXrjG8FKmZzie8xtt0FHPEuGLEcwPN6
Q9jQBp5ThZ5Bb4bOsWbp
=Mc7h
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 05 Dec 2016 09:33:43 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Don Armstrong <don@debian.org>
to control@bugs.debian.org.
(Wed, 07 Dec 2016 01:56:47 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 27 Jan 2017 09:42:57 GMT) (full text, mbox, link).
Bug unarchived.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 28 Sep 2023 08:57:02 GMT) (full text, mbox, link).
Marked as found in versions unadf/0.7.11a-4; no longer marked as fixed in versions unadf/0.7.11a-4 and reopened.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 28 Sep 2023 09:03:05 GMT) (full text, mbox, link).
Merged 8382481053098
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 28 Sep 2023 09:15:07 GMT) (full text, mbox, link).
Source: unadf
Source-Version: 0.7.11a-6
Done: Moritz Muehlenhoff <jmm@debian.org>
We believe that the bug you reported is fixed in the latest version of
unadf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1053098@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated unadf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 22 Nov 2023 19:37:12 +0100
Source: unadf
Architecture: source
Version: 0.7.11a-6
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Closes: 8382481053098
Changes:
unadf (0.7.11a-6) unstable; urgency=medium
.
* QA upload.
* Really apply security fixes for CVE-2016-1243/CVE-2016-1244, they
were not actually applied in the 0.7.11a-4 upload
(Closes: #838248, #1053098)
Checksums-Sha1:
1d889a1c0201f04bc44faab182cc4ee5671efde7 1716 unadf_0.7.11a-6.dsc
35db18004e25770d24dc042896f23cce29f8a688 20004 unadf_0.7.11a-6.debian.tar.xz
a5ce25b15882bbf4a4447c37367f4cf0fbf971d3 6306 unadf_0.7.11a-6_amd64.buildinfo
Checksums-Sha256:
12d215cc8632733933b549a698743a9eb5e6f24d2277e4c962481956c4404951 1716 unadf_0.7.11a-6.dsc
4632eec82ed1293ac6c951e5ff9fa3616ad6d9678dc9c5413f711792193e3a25 20004 unadf_0.7.11a-6.debian.tar.xz
bfe2061e9c0c1ff9cf6628a7de82a0dde64a61eef004e4efd51e39b59cda09a6 6306 unadf_0.7.11a-6_amd64.buildinfo
Files:
225a6e6c9267910c01aa658a5264c44d 1716 utils optional unadf_0.7.11a-6.dsc
48fb7eaa4004a8f00ffc4e3cabdaf928 20004 utils optional unadf_0.7.11a-6.debian.tar.xz
22182c8b4209ce37cc5adf0a30835fbb 6306 utils optional unadf_0.7.11a-6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVef24ACgkQEMKTtsN8
TjYPXxAAnASb5sZWB9cl8Ad0fn0UOeiPTrpmbeew8XcqwoDgBTG0b7U/DWNky3+L
gSU6tV/X2RYqgtzYmuI+xjZDwmxQqjpkN0fH+sD4qoqzwPRb2WrC3KOf5TmAyZ3P
5HJJrZ2qdizj3DyEeROq8H8N1aCClfamd9H4IjMDkc4CsmgPz3rJG+njGdrylTtP
8kgQmOi/BSrGq8PesdINJRNcSFJCS8EwaKBfYVgnfOByha9tq7t5zyYuweYGYjX2
4BFHCsU171RE0GitcZXLgWwruSxyog85/fo2k9ZqN66qeXmBOJRS58uQg+rN/ICg
kBx+6kCItUb7D5ljFJ9B5cHIDTa2jZzzkL1hdr8eyzmVusf4aPLFeVjV3yprPRXN
B8SM80wA0fC8zhE+xfK/Se4p2dx/DKLxEilcwoIk6lumLNvc0j5p8v6V2vJS4kvz
w1GhqXQS8kRkx/zGyW/peuU/SYHZ3Kp60hFYBt2SZ97Kd5L2YatL5/JsLo3Q+BKx
5Rfx7tUbJAm98BCGzHhEMQJIxoWr/hzgp4XIzhRWuAUI8wifpqxXradxEsyEBScG
vp6cIUvF7BiVoAAkF9g1zSO5YNoKVCnEXe6XbKTzhlIhJoX3WMm2tDoiS5GtKLZT
5vqUTVjehfiKphlgbxS9F7btadLctHsLQAS7xXzkRo+IlMMvyLU=
=bR4r
-----END PGP SIGNATURE-----
Reply sent
to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility.
(Wed, 22 Nov 2023 22:57:07 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer.
(Wed, 22 Nov 2023 22:57:07 GMT) (full text, mbox, link).
Source: unadf
Source-Version: 0.7.11a-6
Done: Moritz Muehlenhoff <jmm@debian.org>
We believe that the bug you reported is fixed in the latest version of
unadf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 838248@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Muehlenhoff <jmm@debian.org> (supplier of updated unadf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 22 Nov 2023 19:37:12 +0100
Source: unadf
Architecture: source
Version: 0.7.11a-6
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Closes: 8382481053098
Changes:
unadf (0.7.11a-6) unstable; urgency=medium
.
* QA upload.
* Really apply security fixes for CVE-2016-1243/CVE-2016-1244, they
were not actually applied in the 0.7.11a-4 upload
(Closes: #838248, #1053098)
Checksums-Sha1:
1d889a1c0201f04bc44faab182cc4ee5671efde7 1716 unadf_0.7.11a-6.dsc
35db18004e25770d24dc042896f23cce29f8a688 20004 unadf_0.7.11a-6.debian.tar.xz
a5ce25b15882bbf4a4447c37367f4cf0fbf971d3 6306 unadf_0.7.11a-6_amd64.buildinfo
Checksums-Sha256:
12d215cc8632733933b549a698743a9eb5e6f24d2277e4c962481956c4404951 1716 unadf_0.7.11a-6.dsc
4632eec82ed1293ac6c951e5ff9fa3616ad6d9678dc9c5413f711792193e3a25 20004 unadf_0.7.11a-6.debian.tar.xz
bfe2061e9c0c1ff9cf6628a7de82a0dde64a61eef004e4efd51e39b59cda09a6 6306 unadf_0.7.11a-6_amd64.buildinfo
Files:
225a6e6c9267910c01aa658a5264c44d 1716 utils optional unadf_0.7.11a-6.dsc
48fb7eaa4004a8f00ffc4e3cabdaf928 20004 utils optional unadf_0.7.11a-6.debian.tar.xz
22182c8b4209ce37cc5adf0a30835fbb 6306 utils optional unadf_0.7.11a-6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVef24ACgkQEMKTtsN8
TjYPXxAAnASb5sZWB9cl8Ad0fn0UOeiPTrpmbeew8XcqwoDgBTG0b7U/DWNky3+L
gSU6tV/X2RYqgtzYmuI+xjZDwmxQqjpkN0fH+sD4qoqzwPRb2WrC3KOf5TmAyZ3P
5HJJrZ2qdizj3DyEeROq8H8N1aCClfamd9H4IjMDkc4CsmgPz3rJG+njGdrylTtP
8kgQmOi/BSrGq8PesdINJRNcSFJCS8EwaKBfYVgnfOByha9tq7t5zyYuweYGYjX2
4BFHCsU171RE0GitcZXLgWwruSxyog85/fo2k9ZqN66qeXmBOJRS58uQg+rN/ICg
kBx+6kCItUb7D5ljFJ9B5cHIDTa2jZzzkL1hdr8eyzmVusf4aPLFeVjV3yprPRXN
B8SM80wA0fC8zhE+xfK/Se4p2dx/DKLxEilcwoIk6lumLNvc0j5p8v6V2vJS4kvz
w1GhqXQS8kRkx/zGyW/peuU/SYHZ3Kp60hFYBt2SZ97Kd5L2YatL5/JsLo3Q+BKx
5Rfx7tUbJAm98BCGzHhEMQJIxoWr/hzgp4XIzhRWuAUI8wifpqxXradxEsyEBScG
vp6cIUvF7BiVoAAkF9g1zSO5YNoKVCnEXe6XbKTzhlIhJoX3WMm2tDoiS5GtKLZT
5vqUTVjehfiKphlgbxS9F7btadLctHsLQAS7xXzkRo+IlMMvyLU=
=bR4r
-----END PGP SIGNATURE-----
Reply sent
to Moritz Muehlenhoff <jmm@debian.org>:
You have taken responsibility.
(Wed, 22 Nov 2023 22:57:07 GMT) (full text, mbox, link).
Notification sent
to Jani Nikula <spam@avaruusmies.com>:
Bug acknowledged by developer.
(Wed, 22 Nov 2023 22:57:07 GMT) (full text, mbox, link).
Reply sent
to Moritz Mühlenhoff <jmm@debian.org>:
You have taken responsibility.
(Wed, 29 Nov 2023 22:51:08 GMT) (full text, mbox, link).
Notification sent
to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer.
(Wed, 29 Nov 2023 22:51:08 GMT) (full text, mbox, link).
Subject: Bug#838248: fixed in unadf 0.7.11a-5+deb12u1
Date: Wed, 29 Nov 2023 22:47:14 +0000
Source: unadf
Source-Version: 0.7.11a-5+deb12u1
Done: Moritz Mühlenhoff <jmm@debian.org>
We believe that the bug you reported is fixed in the latest version of
unadf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 838248@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated unadf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 24 Nov 2023 18:20:14 +0100
Source: unadf
Architecture: source
Version: 0.7.11a-5+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Closes: 838248
Changes:
unadf (0.7.11a-5+deb12u1) bookworm; urgency=medium
.
* CVE-2016-1243 / CVE-2016-1244 (Closes: #838248)
Checksums-Sha1:
5aeec93dcc2508fda3a7431a3f28a3def5688a58 1748 unadf_0.7.11a-5+deb12u1.dsc
63c05f97302ff67f5d7ff2d9e33f9a66196f9578 209458 unadf_0.7.11a.orig.tar.gz
39cb250466156f0fb3687cd008ca6e8c75bb8563 19960 unadf_0.7.11a-5+deb12u1.debian.tar.xz
22fe4f34f76027f2997b5712033d6abf225618b9 6170 unadf_0.7.11a-5+deb12u1_amd64.buildinfo
Checksums-Sha256:
94e154723fc1285468e0e8c09cca748fbe5df60fb85547f3075c283950d1a0fb 1748 unadf_0.7.11a-5+deb12u1.dsc
fa9e0e34b1b0f4f4287905a3d485e3bba498451af98d6c12be87ab3a2b436471 209458 unadf_0.7.11a.orig.tar.gz
02113caacff8db80e95ee0cc2a59f31bca93ea6c5bc35cd2a7611d868a7bfd59 19960 unadf_0.7.11a-5+deb12u1.debian.tar.xz
52d9a09ef86a90a06d76725bd37438b7d290fb9ae4e6e06ea4dbf3977dff2ebf 6170 unadf_0.7.11a-5+deb12u1_amd64.buildinfo
Files:
402f43967ea1071bbbcb20f0f103ddc5 1748 utils optional unadf_0.7.11a-5+deb12u1.dsc
63c21eeb61e1473d8dd214e0b39cb819 209458 utils optional unadf_0.7.11a.orig.tar.gz
7b0420b8b50fa829a527b904d011c9fb 19960 utils optional unadf_0.7.11a-5+deb12u1.debian.tar.xz
2e43964eda98da4a9f75a1bcf5924ad0 6170 utils optional unadf_0.7.11a-5+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVg6ZMACgkQEMKTtsN8
TjZgmA//Yao1k3zkpjxdFLyJo43prXI4F85i1gKrIZ95yr+KSjKpMkpX2R9f7pJZ
yYSpXDBTBzX1IF8GrbtbcAqQzYS1VajH+uD7w4QOw3xzyv+2xSbsyA8dLkOEErBG
WmOL9v7htvVklD3A8/z0pOgaJrMKX7Jaftiur1w5GuIgiaJB+wMGdgC1S08aHUGR
A71C6VeYYB6ypO/aLxY1it/1CVrrb4Mt4N8V5mJKXMYpm6YHXFk6b9WazI387T+T
rydS9fwxytq1qK1jt8SQqmn3MjQjG/AM0j/+WTv/x8MR5/ieI/G1cNJWVpkXLJU9
ue0N2jzhUg7HZE8G1xIJKC3PkYM8PhBHetkRQEcjiLRhYgGr50NU58b2mglhpf5P
WL2MGpVXkRZzIW6aKLV8FnggDxu1JfN9Q2LxQuh3i9Wc3YpKCRoT2yVlalzyr396
ek2WXkuMyY95pMXa27Ixl/+giHXpXAgoKmVVoxjEu/cDulh8lDTDK3YDgMYVce49
h0b0UzfY6A7uchWyg8XR4wL/FD/VZpZtsT/ns0eMKcfCpWDdMb1hIQMncp9uionz
p+0HX0jRs0sTzUWbIXw0BUzTcL1HCtqjxvNn4chk8eWuSrWYfQLAptjj+WOKdAdR
Z/pV1rnJmda55iwPI7veQLKno+YYMIkAo6g1uRtnf0u8kdkZDyU=
=4cr6
-----END PGP SIGNATURE-----
Reply sent
to Moritz Mühlenhoff <jmm@debian.org>:
You have taken responsibility.
(Wed, 29 Nov 2023 22:51:09 GMT) (full text, mbox, link).
Notification sent
to Jani Nikula <spam@avaruusmies.com>:
Bug acknowledged by developer.
(Wed, 29 Nov 2023 22:51:09 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 28 Dec 2023 07:31:18 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.