[ubuntu/natty-security] devscripts_2.10.69ubuntu2.1_armel_translations.tar.gz, devscripts, devscripts_2.10.69ubuntu2.1_powerpc_translations.tar.gz, devscripts_2.10.69ubuntu2.1_i386_translations.tar.gz, devscripts_2.10.69ubuntu2.1_amd64_translations.tar.gz 2.10.69ubuntu2.1 (Accepted)

Tyler Hicks tyhicks at canonical.com
Wed Feb 15 17:03:30 UTC 2012


devscripts (2.10.69ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
    and .changes files
    - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
      Raphael Geissert for the original patch.
    - CVE-2012-0210
  * SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
    level directory of the original upstream source tarball
    - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
      Adam D. Barratt for the original patch.
    - CVE-2012-0211
  * SECURITY UPDATE: Arbitrary code execution via crafted filenames in
    arguments passed to debdiff
    - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
      upstream patches.
    - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
    - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
    - CVE-2012-0212
  * scripts/debdiff.pl: Remove undocumented functionality which treated
    files with extensionless filenames as packages. Thanks to Adam D. Barratt
    for the original patch.
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559

Date: Wed, 15 Feb 2012 03:33:44 -0600
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/devscripts/2.10.69ubuntu2.1
-------------- next part --------------
Format: 1.8
Date: Wed, 15 Feb 2012 03:33:44 -0600
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.10.69ubuntu2.1
Distribution: natty-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Tyler Hicks <tyhicks at canonical.com>
Description: 
 devscripts - scripts to make the life of a Debian Package maintainer easier
Changes: 
 devscripts (2.10.69ubuntu2.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
     and .changes files
     - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
       Raphael Geissert for the original patch.
     - CVE-2012-0210
   * SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
     level directory of the original upstream source tarball
     - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
       Adam D. Barratt for the original patch.
     - CVE-2012-0211
   * SECURITY UPDATE: Arbitrary code execution via crafted filenames in
     arguments passed to debdiff
     - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
       upstream patches.
     - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
     - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
     - CVE-2012-0212
   * scripts/debdiff.pl: Remove undocumented functionality which treated
     files with extensionless filenames as packages. Thanks to Adam D. Barratt
     for the original patch.
     - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Checksums-Sha1: 
 991c033a5e7c7321e518a6a5cebe99ff0acb6de1 2220 devscripts_2.10.69ubuntu2.1.dsc
 c005960c80df7f0750bd427fd977107a9953472c 741257 devscripts_2.10.69ubuntu2.1.tar.gz
Checksums-Sha256: 
 9ef44f2b409fe1b79807e3654c01ce39976af888ca2d76b69814147daa4f33fb 2220 devscripts_2.10.69ubuntu2.1.dsc
 c0bf85f4b07a865cc98644e8226cbe4e07562c88df92c14f881d57b24522df2e 741257 devscripts_2.10.69ubuntu2.1.tar.gz
Files: 
 1b14686c2a16c342c9aee3b0043116e5 2220 devel optional devscripts_2.10.69ubuntu2.1.dsc
 d72687d8587860e4f8eb852a0c2612a1 741257 devel optional devscripts_2.10.69ubuntu2.1.tar.gz
Original-Maintainer: Devscripts Devel Team <pkg-devscripts at teams.debian.net>

