[ubuntu/hardy-security] devscripts_2.10.11ubuntu5.8.04.5_amd64_translations.tar.gz, devscripts_2.10.11ubuntu5.8.04.5_hppa_translations.tar.gz, devscripts_2.10.11ubuntu5.8.04.5_sparc_translations.tar.gz, devscripts_2.10.11ubuntu5.8.04.5_lpia_translations.tar.gz, devscripts_2.10.11ubuntu5.8.04.5_i386_translations.tar.gz, devscripts_2.10.11ubuntu5.8.04.5_ia64_translations.tar.gz, devscripts, devscripts_2.10.11ubuntu5.8.04.5_powerpc_translations.tar.gz 2.10.11ubuntu5.8.04.5 (Accepted)
Tyler Hicks
tyhicks at canonical.com
Wed Feb 15 17:04:02 UTC 2012
devscripts (2.10.11ubuntu5.8.04.5) hardy-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Date: Wed, 15 Feb 2012 03:33:36 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/devscripts/2.10.11ubuntu5.8.04.5
-------------- next part --------------
Format: 1.7
Date: Wed, 15 Feb 2012 03:33:36 -0600
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.10.11ubuntu5.8.04.5
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description:
devscripts - Scripts to make the life of a Debian Package maintainer easier
Changes:
devscripts (2.10.11ubuntu5.8.04.5) hardy-security; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
- http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Files:
8c88a3445c4d6a131fae5a5e973db968 1891 devel optional devscripts_2.10.11ubuntu5.8.04.5.dsc
048c6847b34d0513909dabdfaaceecce 494567 devel optional devscripts_2.10.11ubuntu5.8.04.5.tar.gz
Original-Maintainer: Devscripts Devel Team <pkg-devscripts at teams.debian.net>
More information about the Hardy-changes
mailing list