Bug#544931: marked as done ([uscan] Regressions due to security fix)

Fri, 11 Sep 2009 04:02:50 -0700 

Your message dated Fri, 11 Sep 2009 10:26:20 +0000
with message-id <e1mm3ke-0006jq...@ries.debian.org>
and subject line Bug#544931: fixed in devscripts 2.10.55
has caused the Debian Bug report #544931,
regarding [uscan] Regressions due to security fix
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
544931: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544931
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: devscripts
Severity: serious
Version: 2.10.54

The security fixes introduced in 2.10.54 has a regression which should
not migrate to testing.

The regular expression parser always evaluates the entire expression,
making it trivial to create infinite loops with expressions such as
"s/(\d)/$1./g".

Adam

--- End Message ---
--- Begin Message --- 
Source: devscripts
Source-Version: 2.10.55

We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive:

devscripts_2.10.55.dsc
  to pool/main/d/devscripts/devscripts_2.10.55.dsc
devscripts_2.10.55.tar.gz
  to pool/main/d/devscripts/devscripts_2.10.55.tar.gz
devscripts_2.10.55_amd64.deb
  to pool/main/d/devscripts/devscripts_2.10.55_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 544...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam D. Barratt <a...@adam-barratt.org.uk> (supplier of updated devscripts 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 11 Sep 2009 10:02:52 +0100
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.10.55
Distribution: unstable
Urgency: high
Maintainer: Devscripts Devel Team <pkg-devscri...@teams.debian.net>
Changed-By: Adam D. Barratt <a...@adam-barratt.org.uk>
Description: 
 devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 542961 544931 545099 545327
Changes: 
 devscripts (2.10.55) unstable; urgency=high
 .
   * Urgency "high" for security fix fix
 .
   [ Ryan Niebur ]
   * uscan: fix a regression from the security fix when the command is
     given parameters. use Text::ParseWords::shellwords to parse the
     given command.
   * dch: fix comparison of versions when the new and current version are
     the same (Closes: #545099)
 .
   [ Adam D. Barratt ]
   * bts: Refer to the "--no-ack" option rather than the incorrect "--no-acks"
     in the description of the BTS_SUPPRESS_ACKS variable.  Thanks, Jakub
     Wilk.  (Closes: #542961)
   * licensecheck: Add missing blank line in POD.  Thanks, Nicolas Francois.
   * uscan: Fix regressions introduced by the security fix in the previous
     upload.  The parser now correctly keeps track of the last match when /g
     is used to avoid infinite loops.  Thanks, Raphael Geissert and Martín
     Ferrari.  (Closes: #544931)
   * l10n updates; thanks, Nicolas Francois:  (Closes: #545327)
     + Update French manpage translations
     + Fix addendum format for dcontrol in po4a/devscripts-po4a.conf
     + Use --previous when invoking po4a
   * debian/control: Bump version of po4a build-dependency to 0.31 to ensure
     support for --previous.
Checksums-Sha1: 
 1d7b69b68be13efd42585281c9e51c6aa849d87b 1399 devscripts_2.10.55.dsc
 82cf7176aa4eaa059bbb3cbe1fba445d50886684 690881 devscripts_2.10.55.tar.gz
 04b8b6093b5e7f97bbeec941b52dfec49a12086d 591714 devscripts_2.10.55_amd64.deb
Checksums-Sha256: 
 85caf05ad712f2142448b94da447311d4eef4751b7422c30761d31aace52a7bd 1399 
devscripts_2.10.55.dsc
 346b37974bda0f3e8fc00128ab4cbec059df626699a11262a5653f94d14f28ac 690881 
devscripts_2.10.55.tar.gz
 098efdf3358dab27ea584afca88435058f3b4dc6fedec8977c52dcd6289c7985 591714 
devscripts_2.10.55_amd64.deb
Files: 
 05e802a4eecbeb35e713d3940c5025f0 1399 devel optional devscripts_2.10.55.dsc
 ef4c4aa009c7b0ec75a828052a449455 690881 devel optional 
devscripts_2.10.55.tar.gz
 ebe10998305de0fa8a59bd13e5f945a7 591714 devel optional 
devscripts_2.10.55_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqqEtAACgkQokcE1TReOoX5HQCeKSQFALTVtjNMdYLppsULt3q0
v04An37O+FQ7PF+WeN22+NQV029A38lt
=OmwO
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to