[ubuntu/natty-security] devscripts 2.10.69ubuntu2.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Oct 2 20:13:16 UTC 2012
devscripts (2.10.69ubuntu2.2) natty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via insufficient validation
in dscverify
- scripts/dscverify.pl: perform better validation.
- 22881936e53e6b585d3dc60f3161e9d704c5138d
- CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
in dget
- scripts/dget.pl: strip invalid characters.
- 79d27778321f7bb778097cfb7a724ae976fb4fbd
- CVE-2012-2241
* SECURITY UPDATE: arbitrary code execution via improper argument
escaping in dget
- scripts/dget.pl: escape $file better, and call system() with proper
arguments.
- db49f493baaac2387a4dd76370c1018109e31dfc
- CVE-2012-2242
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
- scripts/annotate-output.sh: prevent symlink attack.
- 1bbe2163987c53064a4cd57712927f4b06c01032
- CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
- 252a42d225f489e398f3c0402c1f7d1e9a4451c0
Date: 2012-09-26 19:30:12.063834+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/natty/+source/devscripts/2.10.69ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Natty-changes
mailing list