Your message dated Sat, 26 Feb 2005 21:47:16 -0500 with message-id <[EMAIL PROTECTED]> and subject line Bug#296839: fixed in unace 1.2b-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Feb 2005 00:44:11 +0000
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 25 Feb 2005 01:44:00 +0100
From: Ulf Härnhammar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: unace: multiple buffer overflows and directory traversal bugs

Package: unace
Version: 1.2b-2
Severity: grave
Justification: user security hole
Tags: security patch

I have found multiple security vulnerabilities in unace.

There are two buffer overflows when extracting, testing or listing
specially prepared ACE archives. They are caused by wrong usage of
strncpy() with the third parameter coming from the archive. In both
cases, the attacker controls the EIP register.

There are also two buffer overflows when (a) dealing with long
(>15600 characters) command line arguments for archive names, and
(b) when preparing a string for printing Ready for next volume
messages.

Furthermore, there are directory traversal bugs when extracting ACE
archives. They are both of the absolute ("/etc/nologin") and the
relative ("../../../../../../../etc/nologin") type.

All buffer overflows have the identifier CAN-2005-0160, and the
directory traversal bugs have the identifier CAN-2005-0161.

I have attached some test archives and a patch.

// Ulf Härnhammar for the Debian Security Audit Project
   http://www.debian.org/security/audit/

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages unace depends on:
ii  libc6    2.3.2.ds1-20    GNU C Library: Shared libraries an

-- no debconf information

[Attachment: unace.security.patch (text/x-patch, base64)]
[Attachment: bufoflow1.ace (application/octet-stream, base64)]
[Attachment: bufoflow2.ace (application/octet-stream, base64)]
[Attachment: dirtraversal1.ace (application/octet-stream, base64)]
[Attachment: dirtraversal2.ace (application/octet-stream, base64)]

---------------------------------------
Received: (at 296839-close) by bugs.debian.org; 27 Feb 2005 02:53:05 +0000
From: Guillem Jover <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#296839: fixed in unace 1.2b-3
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 26 Feb 2005 21:47:16 -0500

Source: unace
Source-Version: 1.2b-3

We believe that the bug you reported is fixed in the latest version of
unace, which is due to be installed in the Debian FTP archive:

unace_1.2b-3.diff.gz
  to pool/main/u/unace/unace_1.2b-3.diff.gz
unace_1.2b-3.dsc
  to pool/main/u/unace/unace_1.2b-3.dsc
unace_1.2b-3_i386.deb
  to pool/main/u/unace/unace_1.2b-3_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <[EMAIL PROTECTED]> (supplier of updated unace package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 27 Feb 2005 03:03:16 +0100
Source: unace
Binary: unace
Architecture: source i386
Version: 1.2b-3
Distribution: unstable
Urgency: high
Maintainer: Guillem Jover <[EMAIL PROTECTED]>
Changed-By: Guillem Jover <[EMAIL PROTECTED]>
Description:
 unace - extract, test and view .ace archives
Closes: 248374 296839
Changes:
 unace (1.2b-3) unstable; urgency=high
 .
   * Fix several buffer overflows [CAN-2005-0160] and directory traversal
     bugs [CAN-2005-0161]. (Closes: #296839, #248374)
     Thanks to Ulf Härnhammar <[EMAIL PROTECTED]>.
   * Use License: instead of missplaced Copyright: on debian/copyright.
   * Provide a patch target instead of pre-build.
     - debian/patch.mk: Likewise.
     - debian/rules: Fix accordingly.
Files:
 b507e76d2bae0bec0f2c24a863e177c8 551 utils optional unace_1.2b-3.dsc
 8d22d813b4d4ce961bdce914fe665e1e 11255 utils optional unace_1.2b-3.diff.gz
 c705344cbf7f187158b296be96ef7407 15032 utils optional unace_1.2b-3_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCIT70uW9ciZ2SjJsRAskzAKC9RU8LnF9UeCQUCbKwd/YE0iRwEQCgsECw
EodzI0zt7NyOeljHkBxjkgA=
=8uOO
-----END PGP SIGNATURE-----
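
Added example (not part of the original messages, and not the patch attached to the report): C code for the two checks that the bug classes in the report call for, bounding a copy by the destination size instead of by a length field read from the archive, and rejecting absolute and ".." paths before extraction. The entry_hdr struct and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical header record: the archive supplies both the name bytes and
 * their length, so name_len is attacker-controlled and name has no NUL. */
struct entry_hdr { unsigned short name_len; const char *name; };

/* The report describes strncpy() whose third argument comes from the archive,
 * i.e. the bound is the source's claimed length, not the buffer size.
 * Here the length is checked against the destination capacity first. */
bool copy_name(char *dst, size_t cap, const struct entry_hdr *h)
{
    if (cap == 0 || h->name_len >= cap)
        return false;                        /* would not fit with its NUL */
    if (memchr(h->name, '\0', h->name_len))
        return false;                        /* embedded NUL hides a suffix */
    memcpy(dst, h->name, h->name_len);
    dst[h->name_len] = '\0';
    return true;
}

/* Accept only relative, non-empty paths with no ".." component. */
bool path_is_safe(const char *p)
{
    if (*p == '\0' || *p == '/')
        return false;
    while (*p) {
        size_t n = strcspn(p, "/");
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return false;
        p += n;
        while (*p == '/')
            p++;
    }
    return true;
}

/* Run one constructed name through both checks with a 64-byte buffer. */
bool demo(const char *name, unsigned short len)
{
    char buf[64];
    struct entry_hdr h = { len, name };
    return copy_name(buf, sizeof buf, &h) && path_is_safe(buf);
}

int main(void) { return demo("docs/a.txt", 10) ? 0 : 1; }
```

Oversized names are refused here rather than silently truncated, since a truncated name can resolve to a different file than the one the archive listed.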