flightcrew (0.7.2+dfsg-6ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference (DoS) when processing crafted
EPUB file
- debian/patches/CVE-2019-13032-1.patch: prevent segfault from malformed
opf items in GetRelativePathToNcx()
- debian/patches/CVE-2019-13032-2.patch: prevent segfault from malformed
opf items in GetRelativePathsToXhtmlDocuments()
- CVE-2019-13032
* SECURITY UPDATE: Zip Slip directory traversal when processing a crafted
EPUB file
- debian/patches/CVE-2019-13241-1.patch: try to make extracting epbs safer
- debian/patches/CVE-2019-13241-2.patch: further harden zip extraction to
always be safe
- debian/patches/CVE-2019-13241-3.patch: harden further by throwing
exception
- CVE-2019-13241
* SECURITY UPDATE: Infinite loop leading to DoS and resource consumption
- debian/patches/CVE-2019-13453.patch: Prevent infinite loop in zipios
library by checking for EOF
- CVE-2019-13453
Date: 2019-07-11 18:16:08.176250+00:00
Changed-By: Mike Salvatore <mike.salvat...@canonical.com>
https://launchpad.net/ubuntu/+source/flightcrew/0.7.2+dfsg-6ubuntu0.1
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes