[ubuntu/lucid-security] devscripts 2.10.61ubuntu5.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Oct 2 20:13:14 UTC 2012

devscripts (2.10.61ubuntu5.3) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via insufficient validation
    in dscverify
    - scripts/dscverify.pl: perform better validation.
    - 22881936e53e6b585d3dc60f3161e9d704c5138d
    - CVE-2012-2240
  * SECURITY UPDATE: arbitrary file deletion via insufficient validation
    in dget
    - scripts/dget.pl: strip invalid characters.
    - 79d27778321f7bb778097cfb7a724ae976fb4fbd
    - CVE-2012-2241
  * SECURITY UPDATE: arbitrary code execution via improper argument
    escaping in dget
    - scripts/dget.pl: escape $file better, and call system() with proper
    - db49f493baaac2387a4dd76370c1018109e31dfc
    - CVE-2012-2242
  * SECURITY UPDATE: file alteration via TOCTOU in annotate-output
    - scripts/annotate-output.sh: prevent symlink attack.
    - 1bbe2163987c53064a4cd57712927f4b06c01032
    - CVE-2012-3500
  * REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
    - 252a42d225f489e398f3c0402c1f7d1e9a4451c0

Date: 2012-10-02 19:35:16.957961+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Lucid-changes mailing list