Format: 1.8 Date: Fri, 28 Oct 2022 14:43:41 -0400 Source: multipath-tools Binary: kpartx multipath-tools Built-For-Profiles: noudeb Architecture: armhf armhf_translations Version: 0.8.8-1ubuntu1.22.04.1 Distribution: jammy Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: kpartx - create device mappings for partitions multipath-tools - maintain multipath block device access Changes: multipath-tools (0.8.8-1ubuntu1.22.04.1) jammy-security; urgency=medium . * SECURITY UPDATE: symlink attack - debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in .gitignore, Makefile.inc, libmultipath/defaults.h, multipath/Makefile, multipath/multipath.rules.in, multipath/tmpfiles.conf.in. - debian/multipath-tools.install: install tmpfiles.d/multipath.conf. - debian/rules: copy udev rule after build. - CVE-2022-41973 * SECURITY UPDATE: authorization bypass - debian/patches/CVE-2022-41974-pre1.patch: fix command completion in interactive mode in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli_handlers.c, multipathd/main.c. - debian/patches/CVE-2022-41974.patch: more robust command parsing in multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h, multipathd/cli_handlers.c, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-2.patch: fix command completion with robust parser in multipathd/cli.c, multipathd/cli.h, multipathd/uxlsnr.c. - debian/patches/CVE-2022-41974-3.patch: add test for command parsing in Makefile.inc, tests/Makefile, tests/cli.c, multipathd/cli.h, multipathd/cli.c. - debian/patches/CVE-2022-41974-4.patch: fix memory leak handling invalid commands in multipathd/uxlsnr.c. - CVE-2022-41974 Checksums-Sha1: 3bd701f1a01d2c29c0eae8fb5318b17c51a16cb9 68802 kpartx-dbgsym_0.8.8-1ubuntu1.22.04.1_armhf.ddeb 327fa7fb6507cb7554f594ac25f73c8ab227124b 28766 kpartx_0.8.8-1ubuntu1.22.04.1_armhf.deb 8add73b8661a8e088bbb68899669b9fe31876617 946240 multipath-tools-dbgsym_0.8.8-1ubuntu1.22.04.1_armhf.ddeb 3cf1073cd30e558ec5bfbc85fc288076911dff69 8306 multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf.buildinfo 7d8c51a0126d916c7793a1ddabb3ce162879d3a8 301330 multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf.deb a2fb93135f66b08e20553bafcffdf8e3c30be008 5883 multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf_translations.tar.gz Checksums-Sha256: 08596c9c147de9d6779a36b2e414468373e5410b1b123dc8551e6d9d1bec9a97 68802 kpartx-dbgsym_0.8.8-1ubuntu1.22.04.1_armhf.ddeb 6d7fd2288ad6be7e33be133399ba3d3a7326e00bdaaa576b3aab3aa504deb72d 28766 kpartx_0.8.8-1ubuntu1.22.04.1_armhf.deb a46572a93f3b123813fa8b522aa0a0602f64f0d8b143123b67d387f41a36c507 946240 multipath-tools-dbgsym_0.8.8-1ubuntu1.22.04.1_armhf.ddeb 2248b30bfd33dc3e5780520468834c53acefae1afbcb31ba1695b7a92aaf706c 8306 multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf.buildinfo 45b7ab1a1823b15b8083b607bc8e78367c2189324e82ae12465865d99bb3b2b5 301330 multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf.deb bd1ceaf7ba428d4973003596d34994eb313d645b4f46684a9808b3b4af8f227a 5883 multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf_translations.tar.gz Files: cdfccf5da86bf6404cba9ca40739c869 68802 debug optional kpartx-dbgsym_0.8.8-1ubuntu1.22.04.1_armhf.ddeb 8e88d52a24c9e9c6919121893b0b18a2 28766 admin optional kpartx_0.8.8-1ubuntu1.22.04.1_armhf.deb e69cabcfb882abbf1e727441e3df4e6a 946240 debug optional multipath-tools-dbgsym_0.8.8-1ubuntu1.22.04.1_armhf.ddeb 477bddc8710b61e9dc4ce87bf832e52d 8306 admin optional multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf.buildinfo 0f5cc723295f393f2f0f0bfa7a5fe76b 301330 admin optional multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf.deb 0e557b32d695716c34b2683f1ce0c61f 5883 raw-translations - multipath-tools_0.8.8-1ubuntu1.22.04.1_armhf_translations.tar.gz Original-Maintainer: Debian DM Multipath Team