libmspack (0.5-1ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010305.patch: length checks when looking
      for control files in mspack/chmd.c.
    - CVE-2019-1010305

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 17 Jul 2019 12:04:22 -0300

libmspack (0.5-1ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in cab.h
    - CVE-2018-18584

 -- Alex Murray <alex.murray@canonical.com>  Fri, 09 Nov 2018 10:35:47 +1030

libmspack (0.5-1ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in chmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in Makefile.am,
      mspack/kwajd.c, test/kwajd_test.c and add some files
      for test propose in test_files/kwajd/f*.kwj.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in mspack/chmd.c.
    - CVE-2018-14682

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 01 Aug 2018 11:29:49 -0300

libmspack (0.5-1ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via crafted CHM file
    - debian/patches/CVE-2017-6419.patch: reject negative output length in
      SpanInfo in mspack/chmd.c, mspack/lzxd.c, mspack/mszipd.c,
      mspack/qtmd.c.
    - CVE-2017-6419
  * SECURITY UPDATE: DoS via crafted CAB file
    - debian/patches/CVE-2017-11423.patch: fix error handling in
      mspack/cabd.c.
    - CVE-2017-11423

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 16 Aug 2017 07:42:41 -0400

libmspack (0.5-1) unstable; urgency=medium

  * New upstream fix-only release:
    + Fix previously reported bugs with an upstream approved patch
      (#773041, #774725, #774726)
    + Fixes many security-sensitive bugs (Closes: #775687, #775498,
      #774665, #775499).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Mon, 02 Feb 2015 19:41:59 +0100

libmspack (0.4-3) unstable; urgency=medium

  * Added (slightly modified/split) patches from Jakub Wilk to fix
    programmation errors causing segfaults and security issues:
    - fix-division-by-zero.patch
    - fix-pointer-arithmetic-overflow.patch
    - fix-name-field-boundaries.patch
    (Closes: #774725, #774726)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 13 Jan 2015 22:51:40 +0100

libmspack (0.4-2) unstable; urgency=medium

  * Added patch 'qtmd-fix-frame_end-overflow.patch' to fix an overflow
    causing an infinite loop in some situation (Closes: #773041).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 30 Dec 2014 17:40:47 +0100

libmspack (0.4-1) unstable; urgency=low

  * Initial release. (Closes: #711232)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Fri, 16 Aug 2013 23:47:01 +0200
