[ubuntu/precise-security] devscripts 2.11.6ubuntu1.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Oct 2 20:13:12 UTC 2012
devscripts (2.11.6ubuntu1.4) precise-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via insufficient validation
in dscverify
- scripts/dscverify.pl: perform better validation.
- 9fba4788933475185df5e58b7fa557e5e3fb15e4
- CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
in dget
- scripts/dget.pl: strip invalid characters
- 0fd15bdec07b085f9ef438dacd18e159ac60b810
- CVE-2012-2241
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
- scripts/annotate-output.sh: prevent symlink attack.
- 4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
- CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
- f9a1a4c468671827d2650161cc33324fe0247a98
Date: 2012-09-26 19:35:12.251063+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/devscripts/2.11.6ubuntu1.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list