[ubuntu/utopic-proposed] dpkg 1.17.8ubuntu1 (Accepted)

Adam Conrad adconrad at ubuntu.com
Tue Apr 29 04:13:17 UTC 2014 

dpkg (1.17.8ubuntu1) utopic; urgency=medium

  * Merge with Debian unstable to bring in several bugfixes, including
    the hostile patch unpack directory traversal fix for CVE-2014-0471

dpkg (1.17.8) unstable; urgency=high

  [ Guillem Jover ]
  * Do not backup nonexistent database files from the cron.daily file.
    And stop emitting tar warnings. Closes: #745592, #745651
  * Test suite:
    - Improve Perl code coverage.
    - Improve C code coverage.
  * Handle space-only strings when parsing versions in libdpkg.
  * Document the environment requirements for the dpkg-maintscript-helper
    supports command in the man page. Closes: #739634
  * Improve wording for «dpkg --verify» and --verify-format in the man page.
    Closes: #733057
  * Switch test runner from Test::Harness to TAP::Harness.
  * Use the perl TAP::Harness for the C test suite instead of the automake
    tap-driver, to avoid requiring automake >= 1.12, currently not present
    in stable.
  * Enable failed test case reporting from the TAP::Harness, so that we get
    more meaningful reports on failure from the C test suite.
  * Correctly parse C-style diff filenames in Dpkg::Source::Patch, to avoid
    directory traversal attempts from hostile source packages when unpacking
    them. Reported by Jakub Wilk <jwilk at debian.org>. Fixes CVE-2014-0471.

  [ Updated programs translations ]
  * German (Sven Joachim).
  * Russian (Yuri Kozlov). Closes: #745869
  * Vietnamese (Trần Ngọc Quân).

Date: Mon, 28 Apr 2014 21:16:49 -0600
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/dpkg/1.17.8ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Apr 2014 21:16:49 -0600
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.17.8ubuntu1
Distribution: utopic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Description: 
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 733057 739634 745592 745651 745869
Changes: 
 dpkg (1.17.8ubuntu1) utopic; urgency=medium
 .
   * Merge with Debian unstable to bring in several bugfixes, including
     the hostile patch unpack directory traversal fix for CVE-2014-0471
 .
 dpkg (1.17.8) unstable; urgency=high
 .
   [ Guillem Jover ]
   * Do not backup nonexistent database files from the cron.daily file.
     And stop emitting tar warnings. Closes: #745592, #745651
   * Test suite:
     - Improve Perl code coverage.
     - Improve C code coverage.
   * Handle space-only strings when parsing versions in libdpkg.
   * Document the environment requirements for the dpkg-maintscript-helper
     supports command in the man page. Closes: #739634
   * Improve wording for «dpkg --verify» and --verify-format in the man page.
     Closes: #733057
   * Switch test runner from Test::Harness to TAP::Harness.
   * Use the perl TAP::Harness for the C test suite instead of the automake
     tap-driver, to avoid requiring automake >= 1.12, currently not present
     in stable.
   * Enable failed test case reporting from the TAP::Harness, so that we get
     more meaningful reports on failure from the C test suite.
   * Correctly parse C-style diff filenames in Dpkg::Source::Patch, to avoid
     directory traversal attempts from hostile source packages when unpacking
     them. Reported by Jakub Wilk <jwilk at debian.org>. Fixes CVE-2014-0471.
 .
   [ Updated programs translations ]
   * German (Sven Joachim).
   * Russian (Yuri Kozlov). Closes: #745869
   * Vietnamese (Trần Ngọc Quân).
Checksums-Sha1: 
 72c7b8772645e8deabaa8b620b3792cdd38593a5 1501 dpkg_1.17.8ubuntu1.dsc
 37cffacf6c4558f49cb662c762ed7c84358f7f9f 4046396 dpkg_1.17.8ubuntu1.tar.xz
Checksums-Sha256: 
 ee06d7f89b59587a7ca0ed5ea7e837240f41970b2e01546681d8abe076630282 1501 dpkg_1.17.8ubuntu1.dsc
 9074045f45d92a4485841dc1794dc2171db81a09b363ab42f65bcf21565cef34 4046396 dpkg_1.17.8ubuntu1.tar.xz
Files: 
 e244b8e58dc7c9d99032dbde7f6c3471 1501 admin required dpkg_1.17.8ubuntu1.dsc
 1a31ae069e5d72e6e179a7e521a07556 4046396 admin required dpkg_1.17.8ubuntu1.tar.xz
Original-Maintainer: Dpkg Developers <debian-dpkg at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlNfHKcACgkQvjztR8bOoMnYQACgq9IITgFyJNgHl09CFvMOGRHg
gNgAnibodPey11gTRY0qcSPrp7HZFwpB
=fiaq
-----END PGP SIGNATURE-----

More information about the Utopic-changes mailing list