Package: dpkg Version: 1.15.8 Severity: critical dpkg_ar_member_put_header contains a buffer overflow that causes packages on armel to be empty as an result. This is entirely due to the calling convention due to the stack being corrupted. It seems that the outcome on other architectures is not so severe, but it broke autobuilding heavily on armel due to it generating broken packages *and* dpkg-deb succeeding. The packages were output onto fd 0 instead of fd 5 because the null byte was written into the ar_fd register.
A patch is currently being tested.
signature.asc
Description: Digital signature
