devscripts (2.10.67ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Date: Wed, 15 Feb 2012 03:33:42 -0600
Changed-By: Tyler Hicks <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/maverick/+source/devscripts/2.10.67ubuntu1.1
Format: 1.8
Date: Wed, 15 Feb 2012 03:33:42 -0600
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.10.67ubuntu1.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Tyler Hicks <[email protected]>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Changes:
devscripts (2.10.67ubuntu1.1) maverick-security; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Checksums-Sha1:
2e3ce9191f8f3c984dbd7a3e519cec28c00d52c4 2206 devscripts_2.10.67ubuntu1.1.dsc
a8615b09eeb01f80f6c0cfba009d97324d010ad7 731220
devscripts_2.10.67ubuntu1.1.tar.gz
Checksums-Sha256:
2181025811f6e383dd0a3944cc7b1d6c8fbf457f4263c86fa019d0fe1870279f 2206
devscripts_2.10.67ubuntu1.1.dsc
2f863204a65ef890fb833ee5b49cd646bc877fc5f412ea9b38b9c175abfadac3 731220
devscripts_2.10.67ubuntu1.1.tar.gz
Files:
9d5c4186b5b6b4cbf1d1dfb4bb423065 2206 devel optional
devscripts_2.10.67ubuntu1.1.dsc
52a377d4bce1cf88977e60b155d982f6 731220 devel optional
devscripts_2.10.67ubuntu1.1.tar.gz
Original-Maintainer: Devscripts Devel Team <[email protected]>
--
Maverick-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/maverick-changes
