[ubuntu/utopic-proposed] dpkg 1.17.9ubuntu1 (Accepted)
Adam Conrad
adconrad at ubuntu.com
Wed Apr 30 14:30:13 UTC 2014
dpkg (1.17.9ubuntu1) utopic; urgency=medium

  * Merge with Debian unstable, fixing the testsuite's failure to fail.

dpkg (1.17.9) unstable; urgency=high

  [ Guillem Jover ]
  * Do not allow patch files with C-style encoded filenames. Closes: #746306
    Unconditionally fixes CVE-2014-0471.
  * Switch alternative database backups from xz to gzip. Closes: #746354
  * Do not leak long tar names on bogus or truncated archives.
  * Do not leak the filepackages iterator when a directory is used by other
    packages.
  * Fix short lived memory leaks in «dpkg-split --split».
  * Fix memory leak in unused Keybindings screen in dselect.
  * Do not leak color string on «dselect --color».
  * Fix memory leaks when parsing alternatives.
  * Fix off-by-one stack buffer overrun in start-stop-daemon on GNU/Linux and
    GNU/kFreeBSD if the executable pathname is longer than _POSIX_PATH_MAX.
    Although this should not have security implications as the buffer is
    surrounded by two arrays (so those catch accesses even if the stack
    grows up or down), and we are compiling with -fstack-protector anyway.
  * Mark the command_get_pager() tests on a tty as TODO for now, so that
    we do not get failures on build daemons.
  * Make test suite errors abort the build again. Closes: #746331

  [ Updated scripts translations ]
  * French (Steve Petruzzello). Closes: #746350
  * German (Helge Kreutzmann).

  [ Updated manpages translations ]
  * German (Helge Kreutzmann).
Date: Wed, 30 Apr 2014 08:24:27 -0600
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/dpkg/1.17.9ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 30 Apr 2014 08:24:27 -0600
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source
Version: 1.17.9ubuntu1
Distribution: utopic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
libdpkg-dev - Debian package management static library
libdpkg-perl - Dpkg perl modules
Closes: 746306 746331 746350 746354
Checksums-Sha1:
c9a35918da34d53fbf33556d77c3bdf835016fcd 1501 dpkg_1.17.9ubuntu1.dsc
4c6f5c0e4467e7603a9edf645a5dd20b3816a123 4053892 dpkg_1.17.9ubuntu1.tar.xz
Checksums-Sha256:
28ab10fd7d98b43879d608d1311231f2e3ce404bd7bfbb44efa29b350b4402d4 1501 dpkg_1.17.9ubuntu1.dsc
1d72d1a2e3a4e826598da32875dec736ee96368ce6cb5186f2bddff262ba1846 4053892 dpkg_1.17.9ubuntu1.tar.xz
Files:
6ec0132f21bf04b42bd68a7e14939c33 1501 admin required dpkg_1.17.9ubuntu1.dsc
60aaead40d10acec66798569f4435328 4053892 admin required dpkg_1.17.9ubuntu1.tar.xz
Original-Maintainer: Dpkg Developers <debian-dpkg at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlNhCMMACgkQvjztR8bOoMnH5QCgrvXhvQbts1V/B9t65OlFmJ2D
bbQAoJQghphrmWF+QwCO1vIzK0bbThFn
=4zTL
-----END PGP SIGNATURE-----