libmspack (0.6-3ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-1010305.patch: length checks when looking
      for control files in mspack/chmd.c.
    - CVE-2019-1010305

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 17 Jul 2019 12:06:02 -0300

libmspack (0.6-3ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-18585.patch: Ensure file names are valid in chmd.c
    - CVE-2018-18585
  * SECURITY UPDATE: One byte buffer overflow -
    - debian/patches/CVE-2018-18584.patch: Ensure input buffer is large
      enough in cab.h
    - CVE-2018-18584

 -- Alex Murray <alex.murray@canonical.com>  Thu, 08 Nov 2018 22:45:35 +1030

libmspack (0.6-3ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-14679-and-CVE-2018-14680.patch:
      fix in chmd.c.
    - CVE-2018-14679
    - CVE-2018-14680
  * SECURITY UPDATE: Bytes overwire with bad KWAJ file extension
    - debian/patches/CVE-2018-14681.patch: fix in Makefile.am,
      mspack/kwajd.c, test/kwajd_test.c and add some files
      for test propose in test_files/kwajd/f*.kwj.
    - CVE-2018-14681
  * SECURITY UPDATE: Off-by-one error
    - debian/patches/CVE-2018-14682.patch: fix in mspack/chmd.c.
    - CVE-2018-14682

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 01 Aug 2018 10:40:12 -0300

libmspack (0.6-3) unstable; urgency=medium

  * Move doc generation in dh's indep rules to fix FTBFS

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Thu, 17 Aug 2017 09:49:02 +0900

libmspack (0.6-2) unstable; urgency=medium

  * Missing dependency on 'doxygen' for doc creation (Closes: #872193)
  * Fixed lintian useless-autoreconf-build-depends.

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Thu, 17 Aug 2017 08:16:01 +0900

libmspack (0.6-1) unstable; urgency=medium

  * New upstream release:
    + Fix CVE-2017-6419 (Closes: #871263)
    + Fix CVE-2017-11423 (Closes: #868956)
  * Fix building documentation.
  * Use HTTPS in package metadata.
  * Transition to automatic debug packages.
  * Package now conforms to Standards-Version 4.0.0.
  * Switch to compat level 10.

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 15 Aug 2017 06:08:38 +0900

libmspack (0.5-1) unstable; urgency=medium

  * New upstream fix-only release:
    + Fix previously reported bugs with an upstream approved patch
      (#773041, #774725, #774726)
    + Fixes many security-sensitive bugs (Closes: #775687, #775498,
      #774665, #775499).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Mon, 02 Feb 2015 19:41:59 +0100

libmspack (0.4-3) unstable; urgency=medium

  * Added (slightly modified/split) patches from Jakub Wilk to fix
    programmation errors causing segfaults and security issues:
    - fix-division-by-zero.patch
    - fix-pointer-arithmetic-overflow.patch
    - fix-name-field-boundaries.patch
    (Closes: #774725, #774726)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 13 Jan 2015 22:51:40 +0100

libmspack (0.4-2) unstable; urgency=medium

  * Added patch 'qtmd-fix-frame_end-overflow.patch' to fix an overflow
    causing an infinite loop in some situation (Closes: #773041).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 30 Dec 2014 17:40:47 +0100

libmspack (0.4-1) unstable; urgency=low

  * Initial release. (Closes: #711232)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Fri, 16 Aug 2013 23:47:01 +0200
