The following commit has been merged in the squeeze branch: commit 9a52dbad4f0c6eb46f098260a2c724fb657e1377 Author: Raphael Geissert <geiss...@debian.org> Date: Mon Feb 13 07:27:00 2012 +0000
debdiff: Fix CVE-2012-0210 (insufficient input sanitising) Signed-off-by: Adam D. Barratt <a...@adam-barratt.org.uk> diff --git a/scripts/debdiff.pl b/scripts/debdiff.pl index 1ba66f5..980ef41 100755 --- a/scripts/debdiff.pl +++ b/scripts/debdiff.pl @@ -401,7 +401,12 @@ elsif ($type eq 'changes' or $type eq 'debs') { last if $infiles and /^[^ ]/; /^Files:/ and $infiles=1, next; next unless $infiles; - / (\S*.u?deb)$/) && push @debs, dirname($changes) . '/' . $1; + if (/ (\S*.u?deb)$/) { + my $file = $1; + $file !~ m,[/\x00], + or fatal "File name contains invalid characters: $file"; + push @debs, dirname($changes) . '/' . $file; + } } close CHANGES or fatal "Problem reading $changes: $!"; @@ -492,6 +497,8 @@ elsif ($type eq 'dsc') { # This had better match if (/^\s+[0-9a-f]{32}\s+\d+\s+(\S+)$/) { my $file = $1; + $file !~ m,[/\x00], + or fatal "File name contains invalid characters: $file"; if ($file =~ /\.diff\.gz$/) { $diffs[$i] = cwd() . '/' . $file; } -- Git repository for devscripts -- To unsubscribe, send mail to pkg-devscripts-unsubscr...@teams.debian.net.