[Bug 1169636] Re: lintian: CVE-2013-1429 - path traversal/information disclosure
Niels Thykier
niels at thykier.net
Tue Apr 16 16:42:41 UTC 2013
Attached is a tarball containing a set of patches for fixing this in
2.5.6.
For Lintian 2.5.10.X, the patches can be pulled from upstream's git repository via:
git show 2.5.10.4..2.5.10.5
For Lintian 2.5.11:
git show a5680cc4f7ca733f83a16c9bff0e0fa10525c46e..751dee4653e5960ca03f3164c15bb849a85fc976
For Lintian 2.4.3:
git show 8a6f1682051c39ecc0088acb194ea7754b23a553..ddd524862684bbbc3b6c045b400dd7e5767c5935
~Niels
** Attachment added: "tarball of patches for 2.5.6ish"
https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636/+attachment/3645696/+files/lintian-2.5.6-patches.tar.gz
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to lintian in Ubuntu.
https://bugs.launchpad.net/bugs/1169636
Title:
lintian: CVE-2013-1429 - path traversal/information disclosure
Status in “lintian” package in Ubuntu:
New
Bug description:
An "unimportant" security vulnerabilities have been found in Lintian.
In short, using crafted packages an attacker could have Lintian leak
information about the "host" system provided the raw log is available.
Fixes available in 2.5.10.5 and 2.5.12.
(Reference: http://bugs.debian.org/705553)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636/+subscriptions
More information about the foundations-bugs
mailing list