[Bug 706076] [NEW] invalid paths in binary package

Launchpad Bug Tracker 706076 at bugs.launchpad.net
Fri Jan 21 20:50:23 UTC 2011


*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Jamie Strandboge (jdstrand):

While performing binary NEW for this package, I came across invalid paths in the pidgin-openfetion_0.1-0ubuntu1_i386.deb file:
drwxr-xr-x root/root         0 2011-01-21 02:02 ./usr/\nshare/
drwxr-xr-x root/root         0 2011-01-21 02:02 ./usr/\nshare/pixmaps/
drwxr-xr-x root/root         0 2011-01-21 02:02 ./usr/\nshare/pixmaps/pidgin/
drwxr-xr-x root/root         0 2011-01-21 02:02 ./usr/\nshare/pixmaps/pidgin/protocols/
drwxr-xr-x root/root         0 2011-01-21 02:02 ./usr/\nshare/pixmaps/pidgin/protocols/16/
-rw-r--r-- root/root       604 2011-01-15 13:50 ./usr/\nshare/pixmaps/pidgin/protocols/16/openfetion.png

This also causes the following lintian errors:
$ lintian pidgin-openfetion_0.1-0ubuntu1_i386.deb:
md5sum: ./usr/\nshare/pixmaps/pidgin/protocols/16/openfetion.png: No such file or directory
internal error: command failed with error code 123
warning: collect info md5sums about package pidgin-openfetion failed
warning: skipping check of binary package pidgin-openfetion
sh: getcwd() failed: No such file or directory
internal error: file-info invoked in wrong directory

This is a very serious problem with the binary package and could be an
indication of a package that has been tampered with. Can the uploader
(Aron Xu) please comment on this?

** Affects: pidgin-openfetion (Ubuntu)
     Importance: Critical
     Assignee: Aron Xu (happyaron)
         Status: New

-- 
invalid paths in binary package
https://bugs.launchpad.net/bugs/706076
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
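
Added example, not part of the bug report and not code from Launchpad, dpkg or lintian: a Python check that lists the data.tar members of a .deb and flags path names like the ones reported above. The function names and the in-memory sample package are constructed for illustration; since the listing does not show whether `\n` is a newline byte or a literal backslash followed by `n`, both are flagged.

```python
import io
import tarfile

AR_MAGIC = b"!<arch>\n"  # a .deb is an ar archive holding control.tar.* and data.tar.*

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("bad ar member header")
        name = header[:16].decode("ascii").rstrip(" /")
        size = int(header[48:58].decode("ascii"))
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # member data is padded to an even length

def suspicious_paths(deb_blob):
    """Return (path, reason) pairs for data.tar entries with unsafe names."""
    findings = []
    for name, data in ar_members(deb_blob):
        if not name.startswith("data.tar"):
            continue
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
            for member in tar:
                path = member.name
                if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
                    findings.append((path, "control character"))
                elif "\\" in path:
                    findings.append((path, "backslash"))
                elif path.startswith("/") or ".." in path.split("/"):
                    findings.append((path, "escapes package root"))
    return findings

def _ar_entry(name, data):
    header = "{:<16}{:<12}{:<6}{:<6}{:<8}{:<10}`\n".format(name, 0, 0, 0, "100644", len(data))
    return header.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")

def build_sample_deb(paths):
    """Constructed test input: a minimal .deb-like archive with empty files at the given paths."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for p in paths:
            tar.addfile(tarfile.TarInfo(p))
    return AR_MAGIC + _ar_entry("debian-binary", b"2.0\n") + _ar_entry("data.tar.gz", buf.getvalue())

if __name__ == "__main__":
    print(suspicious_paths(build_sample_deb(["./usr/share/doc/ok", "./usr/\nshare/x.png"])))
```
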


