-
xz-utils (5.2.4-1ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary file overwrite or code execution with
crafted file names
- debian/patches/CVE-2022-1271.patch: fix escaping of malicious
filenames in src/scripts/xzgrep.in.
- CVE-2022-1271
-- Marc Deslauriers <email address hidden> Fri, 08 Apr 2022 08:56:10 -0400
-
xz-utils (5.2.4-1ubuntu1) focal; urgency=medium
* Use the generic % rule in debian/rules, otherwise it FTBFS with
debhelper 12.5. Closes: #945961. LP: #1870088.
-- Tiago Stürmer Daitx <email address hidden> Mon, 20 Apr 2020 21:43:24 +0000
-
xz-utils (5.2.4-1) unstable; urgency=low
* New upstream release. Closes: #851615.
* Standards-Version: 4.3.0 (checked).
* Use an XZ compressed tarball for upstream source.
* Add upstream signing key and verify tarball at "uscan" time.
* Drop patches; all were applied or otherwise fixed upstream.
* Update copyright file.
* debian/control:
- Use a stable repo.or.cz URL for packaging repo.
Closes: #826382. Thanks to Rolf Leggewie.
- Use https for upstream homepage URL.
- No longer Build-Depends: freebsd-glue on kfreebsd.
* get-orig-source: Use https for upstream Git repository.
* liblzma:
- Remove compatibility tricks that permit sharing a process with
liblzma.so.2. This means liblzma.a no longer depends on libdl
at run time.
Closes: #919950. Thanks to Josh Triplett.
- Breaks: liblzma2 versions without symbol versioning.
- Priority: optional.
* xz-utils:
- Lower priority of xz-utils to standard. Closes: #685203.
- README.Debian: Remove notes about differences from upstream.
- Remove old NEWS.Debian.
-- Jonathan Nieder <email address hidden> Sun, 27 Jan 2019 17:09:34 -0800
