lha (1.14i-10.1) unstable; urgency=high * Security NMU for vulnerabilities inherited from GNU Gzip: [CVE-2006-4335 CVE-2006-4337 CVE-2006-4338] -- Moritz Muehlenhoff Wed, 13 Dec 2006 20:21:32 +0100 lha (1.14i-10) unstable; urgency=high * debian/patch.redhat-sec2: Add one more security patch to fix: - CAN-2004-0771 (-w working directory option buffer overflow) http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0771 - CAN-2004-0769 (buffer overflow can be executed arbitrary code via long pathnames in headers, another issue of bug fixed in -9) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0769 - CAN-2004-0745 (execute arbitrary commands via a directory with shell metacharacters in its name.) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0745 - CAN-2004-0694 (reserved number) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0694 taken from RedHat patch. (Closes: #279870) * man/lha.n: Fix typo "flie" instead of "file". (Closes: #277545) -- GOTO Masanori Sat, 13 Nov 2004 15:31:22 +0900 lha (1.14i-9) unstable; urgency=high * debian/patch.header-overflow: Add fix another lha buffer overflow problem. It warns when hitting an archive which includes long directory name with option l, v, x. See: http://lw.ftw.zamosc.pl/lha-exploit.txt http://www.securityfocus.com/archive/1/363418 http://bugs.gentoo.org/show_bug.cgi?id=51285 Thanks to Lukasz Wojtow for pointing this problem. -- GOTO Masanori Wed, 16 Jun 2004 09:51:06 +0900 lha (1.14i-8) unstable; urgency=high * debian/patch.CAN-2004-0234_0235: Add fix CAN-2004-0235 symlink part patches. (Closes: #247355, #247357) -- GOTO Masanori Sat, 8 May 2004 02:24:57 +0900 lha (1.14i-7) unstable; urgency=high * debian/patch.CAN-2004-ulf: Add to fix CAN-2004-0234 (buffer overflows), CAN-2004-0235 (directory traversal). See: http://marc.theaimsgroup.com/?l=full-disclosure&m=108345064008698&w=2 * debian/control: Change my mail address. -- GOTO Masanori Thu, 6 May 2004 15:13:14 +0900 lha (1.14i-6) unstable; urgency=low * debian/copyright: Added more copyright license statement, translated by Osamu Aoki . * debian/copyright: Added good summary of upstream author, investigated by Osamu Aoki and Tatsuya Kinoshita . * debian/header-e.doc: Added English version of header.doc (LHa header structure format document) translated by Osamu Aoki . -- GOTO Masanori Tue, 27 Aug 2002 13:08:22 +0900 lha (1.14i-5) unstable; urgency=low * debian/patch.multibyte: Add multibyte character mode option 'y'. You can use multibyte filename especially SHIFTJIS code with this option. -- GOTO Masanori Fri, 19 Jul 2002 16:57:11 +0900 lha (1.14i-4) unstable; urgency=low * debian/copyright: add original/translated license statement (closes: Bug#144582). -- GOTO Masanori Wed, 1 May 2002 09:53:24 +0900 lha (1.14i-3) unstable; urgency=low * fix lha reports a wrong version number (closes: Bug#135199). -- GOTO Masanori Sun, 3 Mar 2002 21:38:46 +0900 lha (1.14i-2) unstable; urgency=low * Applied the patch not to get compiling warning message. Patched by Paul Slootman . (Closes: #109634). -- GOTO Masanori Thu, 23 Aug 2001 00:26:53 +0900 lha (1.14i-1) unstable; urgency=low * New upstream release (Closes: #62256). * New maintainer. * Updated Standards-version 3.5.2. * Use build this package with dh_*. * New upstream version is ready for -lh7- format (Closes: #67592). * Japanese manual is now included (Closes: #49245). * Unclosed Bugs (No copyright file is included) has just re-closed (Closes: #48748). -- GOTO Masanori Sun, 22 Jul 2001 13:11:50 +0900 lha (1.14e-2) unstable; urgency=low * Moved /usr/man/* and /usr/doc/* under /usr/share. Closes: #80759. * Updated Standards-version, fixed lintian warnings. -- Steve McIntyre Sun, 21 Jan 2001 17:35:52 +0000 lha (1.14e-0) unstable; urgency=low * New upstream release. Thanks to Jiro Iwamoto for pointing this out. -- Steve McIntyre Sun, 25 Jul 1999 23:05:24 +0100 lha (1.14d-1) unstable; urgency=low * Fixed manpage - no need to specify "-b" for command line help. Closes bug #33328. -- Steve McIntyre Sun, 14 Feb 1999 16:24:44 +0000 lha (1.14d-0) unstable; urgency=low * New upstream release. Thanks to Tomohiro KUBOTA for pointing this out. -- Steve McIntyre Sat, 16 Jan 1999 21:54:37 +0000 lha (1.14c-1) frozen unstable; urgency=low * New man page, supplied by Martin Schulze . Fixes Bug#27195. -- Steve McIntyre Sun, 18 Oct 1998 13:53:12 +0100 lha (1.14c-0) unstable; urgency=low * New upstream release. Thanks to Atsushi KAMOSHIDA for pointing this out. -- Steve McIntyre Sat, 15 Aug 1998 14:16:19 +0100 lha (1.00-6) unstable; urgency=low * New maintainer. -- Steve McIntyre Mon, 12 Jan 1998 00:09:12 +0000 lha (1.00-5) unstable; urgency=low, closes=16756 * Corrected Standards-Version to 2.3.0.1 (Bug#16756) -- Martin Schulze Fri, 9 Jan 1998 02:08:03 +0100 lha (1.00-4) unstable; urgency=low * Compiled against libc6 (Bug#11696) -- Martin Schulze Wed, 31 Dec 1997 20:51:38 +0100 lha (1.00-3) unstable; urgency=low * Corrected manpage (Bug#7980) * New maintainer address -- Martin Schulze Mon, 28 Apr 1997 13:10:10 +0200 lha (1.00-2) unstable; urgency=low * Installed ChangeLog files * Converted into new packaging scheme -- Martin Schulze Sun, 23 Feb 1997 12:22:13 +0100