devscripts (2.11.1ubuntu3.1) oneiric-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Date: Wed, 15 Feb 2012 03:33:46 -0600
Changed-By: Tyler Hicks <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/oneiric/+source/devscripts/2.11.1ubuntu3.1
Format: 1.8
Date: Wed, 15 Feb 2012 03:33:46 -0600
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.11.1ubuntu3.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Tyler Hicks <[email protected]>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Changes:
devscripts (2.11.1ubuntu3.1) oneiric-security; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Checksums-Sha1:
4ce0c649e68c68f3293ab9f789e279c3ee088b77 2333 devscripts_2.11.1ubuntu3.1.dsc
1d52a41cecaebea1a5ee19450d7a08992bda030e 786714
devscripts_2.11.1ubuntu3.1.tar.gz
Checksums-Sha256:
7239f981834941db357b1277a68b32bbfdbfa6698760721965f4f511d35e5c05 2333
devscripts_2.11.1ubuntu3.1.dsc
f763f1480c981a1d6583c42f40978690f6d86d8cb24fc2062435993df6986f80 786714
devscripts_2.11.1ubuntu3.1.tar.gz
Files:
6b1cab6490766290957a62870af6b699 2333 devel optional
devscripts_2.11.1ubuntu3.1.dsc
801d8f71865fdbd3c45ad2ec340c7e41 786714 devel optional
devscripts_2.11.1ubuntu3.1.tar.gz
Original-Maintainer: Devscripts Devel Team <[email protected]>
--
Oneiric-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/oneiric-changes
