[ubuntu/utopic-proposed] dpkg 1.17.8ubuntu1 (Accepted)
Adam Conrad
adconrad at ubuntu.com
Tue Apr 29 04:13:17 UTC 2014
dpkg (1.17.8ubuntu1) utopic; urgency=medium
* Merge with Debian unstable to bring in several bugfixes, including
the hostile patch unpack directory traversal fix for CVE-2014-0471
dpkg (1.17.8) unstable; urgency=high
[ Guillem Jover ]
* Do not backup nonexistent database files from the cron.daily file.
And stop emitting tar warnings. Closes: #745592, #745651
* Test suite:
- Improve Perl code coverage.
- Improve C code coverage.
* Handle space-only strings when parsing versions in libdpkg.
* Document the environment requirements for the dpkg-maintscript-helper
supports command in the man page. Closes: #739634
* Improve wording for «dpkg --verify» and --verify-format in the man page.
Closes: #733057
* Switch test runner from Test::Harness to TAP::Harness.
* Use the perl TAP::Harness for the C test suite instead of the automake
tap-driver, to avoid requiring automake >= 1.12, currently not present
in stable.
* Enable failed test case reporting from the TAP::Harness, so that we get
more meaningful reports on failure from the C test suite.
* Correctly parse C-style diff filenames in Dpkg::Source::Patch, to avoid
directory traversal attempts from hostile source packages when unpacking
them. Reported by Jakub Wilk <jwilk at debian.org>. Fixes CVE-2014-0471.
[ Updated programs translations ]
* German (Sven Joachim).
* Russian (Yuri Kozlov). Closes: #745869
* Vietnamese (Trần Ngọc Quân).
Date: Mon, 28 Apr 2014 21:16:49 -0600
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/dpkg/1.17.8ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Apr 2014 21:16:49 -0600
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.17.8ubuntu1
Distribution: utopic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
libdpkg-dev - Debian package management static library
libdpkg-perl - Dpkg perl modules
Closes: 733057 739634 745592 745651 745869
Changes:
dpkg (1.17.8ubuntu1) utopic; urgency=medium
.
* Merge with Debian unstable to bring in several bugfixes, including
the hostile patch unpack directory traversal fix for CVE-2014-0471
.
dpkg (1.17.8) unstable; urgency=high
.
[ Guillem Jover ]
* Do not backup nonexistent database files from the cron.daily file.
And stop emitting tar warnings. Closes: #745592, #745651
* Test suite:
- Improve Perl code coverage.
- Improve C code coverage.
* Handle space-only strings when parsing versions in libdpkg.
* Document the environment requirements for the dpkg-maintscript-helper
supports command in the man page. Closes: #739634
* Improve wording for «dpkg --verify» and --verify-format in the man page.
Closes: #733057
* Switch test runner from Test::Harness to TAP::Harness.
* Use the perl TAP::Harness for the C test suite instead of the automake
tap-driver, to avoid requiring automake >= 1.12, currently not present
in stable.
* Enable failed test case reporting from the TAP::Harness, so that we get
more meaningful reports on failure from the C test suite.
* Correctly parse C-style diff filenames in Dpkg::Source::Patch, to avoid
directory traversal attempts from hostile source packages when unpacking
them. Reported by Jakub Wilk <jwilk at debian.org>. Fixes CVE-2014-0471.
.
[ Updated programs translations ]
* German (Sven Joachim).
* Russian (Yuri Kozlov). Closes: #745869
* Vietnamese (Trần Ngọc Quân).
Checksums-Sha1:
72c7b8772645e8deabaa8b620b3792cdd38593a5 1501 dpkg_1.17.8ubuntu1.dsc
37cffacf6c4558f49cb662c762ed7c84358f7f9f 4046396 dpkg_1.17.8ubuntu1.tar.xz
Checksums-Sha256:
ee06d7f89b59587a7ca0ed5ea7e837240f41970b2e01546681d8abe076630282 1501 dpkg_1.17.8ubuntu1.dsc
9074045f45d92a4485841dc1794dc2171db81a09b363ab42f65bcf21565cef34 4046396 dpkg_1.17.8ubuntu1.tar.xz
Files:
e244b8e58dc7c9d99032dbde7f6c3471 1501 admin required dpkg_1.17.8ubuntu1.dsc
1a31ae069e5d72e6e179a7e521a07556 4046396 admin required dpkg_1.17.8ubuntu1.tar.xz
Original-Maintainer: Dpkg Developers <debian-dpkg at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlNfHKcACgkQvjztR8bOoMnYQACgq9IITgFyJNgHl09CFvMOGRHg
gNgAnibodPey11gTRY0qcSPrp7HZFwpB
=fiaq
-----END PGP SIGNATURE-----
More information about the Utopic-changes
mailing list