Fedora Legacy Test Update Notification: sharutils

Marc Deslauriers marcdeslauriers at videotron.ca
Fri May 6 02:05:39 UTC 2005


The rh73 packages had a version bump so they would upgrade the
previous release properly.

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-154991
Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154991
2005-05-05
---------------------------------------------------------------------

Name        : sharutils
7.3 Version : sharutils-4.2.1-12.8.legacy
9 Version   : sharutils-4.2.1-16.9.2.legacy
fc1 Version : sharutils-4.2.1-17.3.legacy
fc2 Version : sharutils-4.2.1-18.3.FC2.legacy
Summary     : The GNU shar utilities for managing shell archives.
Description :
The sharutils package contains the GNU shar utilities, a set of tools
for encoding and decoding packages of files (in binary or text format)
in a special plain text format called shell archives (shar). This
format can be sent through email (which can be problematic for regular
binary files). The shar utility supports a wide range of capabilities
(compressing, uuencoding, splitting long files for multi-part
mailings, providing checksums), which make it very flexible. After the
files have been sent, the unshar tool scans mail messages looking for
shar files. Unshar automatically strips off mail headers and
introductory text and then unpacks the shar files.

---------------------------------------------------------------------
Update Information:

Updated packages for sharutils which fix a security vulnerability are
now available.

The sharutils package contains a set of tools for encoding and decoding
packages of files in binary or text format.

A bug was found in the way unshar creates temporary files. A local user
could use symlinks to overwrite arbitrary files the victim running
unshar has write access to. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2005-0990 to this
issue.

All users of sharutils should upgrade to these packages, which resolve
this issue.

---------------------------------------------------------------------
Changelogs:

rh73:
* Thu May 05 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.1-12.8.legacy
- Bumped version number

* Sat Apr 16 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.1-12.7.x.1.legacy
- Added security fix for CAN-2005-0990

rh9:
* Sun Apr 17 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.1-16.9.2.legacy
- Added security fix for CAN-2005-0990

fc1:
* Sat Apr 16 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.1-17.3.legacy
- Added security fix for CAN-2005-0990

fc2:
* Sun May 01 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.1-18.3.FC2.legacy
- Added missing gettext and mailx BuildRequires

* Sun Apr 17 2005 Marc Deslauriers <marcdeslauriers at videotron.ca>
4.2.1-18.2.FC2.legacy
- Added security fix for CAN-2005-0990

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

b7bc64c53c9352cd872da7d6b05087a403eeb342
redhat/7.3/updates-testing/i386/sharutils-4.2.1-12.8.legacy.i386.rpm
ecd2c836c88cd4deee0f421695cf69c59dbd6895
redhat/7.3/updates-testing/SRPMS/sharutils-4.2.1-12.8.legacy.src.rpm
00132d8850d0db03c6adae00ecece7c99de20223
redhat/9/updates-testing/i386/sharutils-4.2.1-16.9.2.legacy.i386.rpm
715cf1cc13d0a99c379466299d67a0028bbc29c8
redhat/9/updates-testing/SRPMS/sharutils-4.2.1-16.9.2.legacy.src.rpm
000778eae9c2f079a98f5579669eecf841fba6c7
fedora/1/updates-testing/i386/sharutils-4.2.1-17.3.legacy.i386.rpm
3e2f5b5babcd978e4d1ef96af504f8ee6eb50fdc
fedora/1/updates-testing/SRPMS/sharutils-4.2.1-17.3.legacy.src.rpm
1211acde10ecca361e1ac19e72a82fd6dcda10f4
fedora/2/updates-testing/i386/sharutils-4.2.1-18.3.FC2.legacy.i386.rpm
08292d722a234c43a4fd9f0c24c33e36da8a35ed
fedora/2/updates-testing/SRPMS/sharutils-4.2.1-18.3.FC2.legacy.src.rpm

---------------------------------------------------------------------

Please test and comment in bugzilla.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20050505/adac2ff1/attachment.sig>


More information about the fedora-legacy-list mailing list