tag 732006 pending
thanks

Hello,

Bug #732006 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=collab-maint/devscripts.git;a=commitdiff;h=2810d99

---
commit 2810d99b1aaa6445bc2ea6f3f8a33045780daa6b
Author: James McCoy <james...@debian.org>
Date: Mon Dec 16 23:39:46 2013 -0500

Document uscan security fixes, CVE-2013-6888 and CVE-2013-7085

Signed-off-by: James McCoy <james...@debian.org>

diff --git a/debian/changelog b/debian/changelog index 118938b..d5805a3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,16 @@ devscripts (2.13.9) UNRELEASED; urgency=low + [ Martin Pitt ] * autopkgtest: Add "allow-stderr" restriction to avoid failing tests because of the HTTP server log on stderr. + [ James McCoy ] + * uscan: + + Repack the tarball and verify it is a compressed archive without + allowing arbitrary code execution. Fixes CVE-2013-6888. + + Use find's -exec to call rm directly instead of piping to xargs. + (Closes: #732006, CVE-2013-7085) + -- Martin Pitt <mp...@debian.org> Thu, 12 Dec 2013 11:08:27 +0100 devscripts (2.13.8) unstable; urgency=medium
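
Review bot: The header line `devscripts (2.13.9) UNRELEASED; urgency=low` stays at low urgency even though the new uscan entries document two CVE fixes, one of them worded as no longer "allowing arbitrary code execution"; consider raising the urgency before the upload, given that 2.13.8 in the trailing context was already medium. The two CVE references are also written inconsistently: the first item uses `Fixes CVE-2013-6888.` while the second places the CVE id inside the bug-closing list as `(Closes: #732006, CVE-2013-7085)`. Writing the second as `Fixes CVE-2013-7085. (Closes: #732006)` would keep the Closes list to bug numbers and match the first item. The trailer still carries Martin Pitt's name and the 12 Dec 2013 timestamp although this commit is dated 16 Dec; that is expected while the entry is UNRELEASED, but it should be refreshed when the release is finalized.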