libmspack (0.5-1ubuntu0.17.04.1) zesty-security; urgency=medium

  * SECURITY UPDATE: DoS and possible code execution via crafted CHM file
    - debian/patches/CVE-2017-6419.patch: reject negative output length in
      SpanInfo in mspack/chmd.c, mspack/lzxd.c, mspack/mszipd.c,
      mspack/qtmd.c.
    - CVE-2017-6419
  * SECURITY UPDATE: DoS via crafted CAB file
    - debian/patches/CVE-2017-11423.patch: fix error handling in
      mspack/cabd.c.
    - CVE-2017-11423

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 16 Aug 2017 07:42:41 -0400

libmspack (0.5-1) unstable; urgency=medium

  * New upstream fix-only release:
    + Fix previously reported bugs with an upstream approved patch
      (#773041, #774725, #774726)
    + Fixes many security-sensitive bugs (Closes: #775687, #775498,
      #774665, #775499).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Mon, 02 Feb 2015 19:41:59 +0100

libmspack (0.4-3) unstable; urgency=medium

  * Added (slightly modified/split) patches from Jakub Wilk to fix
    programmation errors causing segfaults and security issues:
    - fix-division-by-zero.patch
    - fix-pointer-arithmetic-overflow.patch
    - fix-name-field-boundaries.patch
    (Closes: #774725, #774726)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 13 Jan 2015 22:51:40 +0100

libmspack (0.4-2) unstable; urgency=medium

  * Added patch 'qtmd-fix-frame_end-overflow.patch' to fix an overflow
    causing an infinite loop in some situation (Closes: #773041).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 30 Dec 2014 17:40:47 +0100

libmspack (0.4-1) unstable; urgency=low

  * Initial release. (Closes: #711232)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Fri, 16 Aug 2013 23:47:01 +0200
