-
dosfstools (3.0.28-1ubuntu0.1) wily-security; urgency=medium
* SECURITY UPDATE: out of bounds read denial of service
- debian/patches/date_oob_read.patch: prevent out of bounds array read
in src/check.c.
- No CVE number
* SECURITY UPDATE: memory corruption via off-by-2 in FAT12
- debian/patches/CVE-2015-8872.patch: fix FAT12 logic in src/fat.c.
- CVE-2015-8872
* SECURITY UPDATE: heap overflow via excessive FAT size specifications
- debian/patches/CVE-2016-4804.patch: change size and perform checks in
src/boot.c, src/fsck.fat.h.
- CVE-2016-4804
-- Marc Deslauriers <email address hidden> Wed, 25 May 2016 15:35:23 -0400
-
dosfstools (3.0.28-1) unstable; urgency=medium
* New upstream version 3.0.28
- interactive repair mode is now the default for fsck.fat, ending
confusion about the previous default mode that looked like interactive
repair but never offered the option at the end to actually modify the
filesystem (Closes: #417639)
- fsck.fat now checks that the first cluster of a file is not 1, thereby
also preventing a possible segfault (Closes: #773885)
- 0xF0 is now allowed to be specified as media type for mkfs.fat
(Closes: #753951)
-- Andreas Bombe <email address hidden> Mon, 01 Jun 2015 02:33:30 +0200
-
dosfstools (3.0.27-1) unstable; urgency=medium
* New upstream version 3.0.27
- fixes fatlabel mangling long file names in root directory
(Closes: #768909)
- fixes spurious uncorrectable empty file name error reported by
fsck.fat (thanks to AlexisM for finding the cause)
(Closes: #764992)
* New maintainer
* New upstream, change debian/watch and fields in debian/control and
debian/copyright accordingly
* Remove 0001-LFN-is-no-volume-entry.patch, already fixed in upstream
-- Andreas Bombe <email address hidden> Wed, 12 Nov 2014 03:21:26 +0100
