libmspack (0.5-1+deb9u3) stretch; urgency=high

  * Non-maintainer upload by the LTS Team. 
  * CVE-2018-18584 (Closes: #911640)
    Fixing the size of the CAB block input buffer, which is too small
    for the maximal Quantum block, prevents an out-of-bounds write.
  * CVE-2018-18585 (Closes: #911637)
    Blank filenames (having length zero or their 1st or 2nd byte is
    null) should be rejected.
 
 -- Thorsten Alteholz <debian@alteholz.de>  Fri, 26 Oct 2018 19:03:02 +0200

libmspack (0.5-1+deb9u2) stretch-security; urgency=high

  * Non-maintainer upload.
  * Add security related patches:
    - 0b0ef9344255 ("kwaj_read_headers(): fix handling of non-terminated
      strings") CVE-2018-14681 (Closes: 904799).
    - 4fd9ccaa54e1 ("Fix off-by-one error in chmd TOLOWER() fallback")
      CVE-2018-14682 (Closes: 904800).
    - 72e70a921f0f ("Fix off-by-one bounds check on CHM PMGI/PMGL chunk
      numbers and reject empty filenames.") CVE-2018-14679,
      CVE-2018-14680 (Closes: 904802, 904801).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Thu, 02 Aug 2018 19:18:37 +0200

libmspack (0.5-1+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload.
  * Correct rejection of empty strings.
  * Fix mis-handling of sys->read() errors in cabd_read_string()
    (CVE-2017-11423) (Closes: #868956).
  * Reject negative output length in SpanInfo (CVE-2017-6419)
    (Closes: #871263).

 -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 16 Aug 2017 21:42:50 +0200

libmspack (0.5-1) unstable; urgency=medium

  * New upstream fix-only release:
    + Fix previously reported bugs with an upstream approved patch
      (#773041, #774725, #774726)
    + Fixes many security-sensitive bugs (Closes: #775687, #775498,
      #774665, #775499).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Mon, 02 Feb 2015 19:41:59 +0100

libmspack (0.4-3) unstable; urgency=medium

  * Added (slightly modified/split) patches from Jakub Wilk to fix
    programmation errors causing segfaults and security issues:
    - fix-division-by-zero.patch
    - fix-pointer-arithmetic-overflow.patch
    - fix-name-field-boundaries.patch
    (Closes: #774725, #774726)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 13 Jan 2015 22:51:40 +0100

libmspack (0.4-2) unstable; urgency=medium

  * Added patch 'qtmd-fix-frame_end-overflow.patch' to fix an overflow
    causing an infinite loop in some situation (Closes: #773041).

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Tue, 30 Dec 2014 17:40:47 +0100

libmspack (0.4-1) unstable; urgency=low

  * Initial release. (Closes: #711232)

 -- Marc Dequènes (Duck) <Duck@DuckCorp.org>  Fri, 16 Aug 2013 23:47:01 +0200
