The following commit has been merged in the master branch:
commit 797ddc961532eb0aeb46153e3f28c8e9ea0500d2
Author: Raphael Geissert <[email protected]>
Date: Tue Feb 14 23:30:46 2012 +0000
debdiff: Fix CVE-2012-0210
(insufficient input sanitising reading .dsc and .changes files)
diff --git a/debian/changelog b/debian/changelog
index c520a30..a54684c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,6 +28,8 @@ devscripts (2.11.4) UNRELEASED; urgency=low
they were packages (Closes: #659559)
+ Add missing chdir for dpkg-source and remove extraneous quoting
of --exclude parameters.
+ + Fix CVE-2012-0210 (insufficient input sanitising reading .dsc
+ and .changes files).
-- Benjamin Drung <[email protected]> Wed, 15 Feb 2012 15:56:19 +0100
diff --git a/scripts/debdiff.pl b/scripts/debdiff.pl
index 3dd56f9..fb602f2 100755
--- a/scripts/debdiff.pl
+++ b/scripts/debdiff.pl
@@ -381,7 +381,12 @@ elsif ($type eq 'changes' or $type eq 'debs') {
last if $infiles and /^[^ ]/;
/^Files:/ and $infiles=1, next;
next unless $infiles;
- / (\S*.u?deb)$/ and push @debs, dirname($changes) . '/' . $1;
+ if (/ (\S*.u?deb)$/) {
+ my $file = $1;
+ $file !~ m,[/\x00],
+ or fatal "File name contains invalid characters: $file";
+ push @debs, dirname($changes) . '/' . $file;
+ }
}
close CHANGES
or fatal "Problem reading $changes: $!";
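Review bot: The added check `$file !~ m,[/\x00],` is a two-character denylist, so every other non-whitespace byte that `\S*` captures (control characters, shell metacharacters, a leading `.`) still ends up in `@debs`; the `dsc` hunk further down adds the same denylist. Whether these names are later interpolated into a command line is not visible here, but an allowlist is the more robust choice for names read from an untrusted `.changes` file, something like `$file =~ m,\A[A-Za-z0-9][A-Za-z0-9+._~:-]*\z, or fatal "File name contains invalid characters: $file";`, ideally in one small helper called from both places. On the new `if` line, the `.` before `u?deb` is unescaped and matches any character, so `\.u?deb` would state the intent. The enclosing loop starts above this hunk.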
@@ -456,6 +461,8 @@ elsif ($type eq 'dsc') {
# This had better match
if (/^\s+[0-9a-f]{32}\s+\d+\s+(\S+)$/) {
my $file = $1;
+ $file !~ m,[/\x00],
+ or fatal "File name contains invalid characters: $file";
if ($file =~ /\.diff\.gz$/) {
$diffs[$i] = cwd() . '/' . $file;
}
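Review bot: The new `fatal "File name contains invalid characters: $file"` echoes the rejected name verbatim, and that name is exactly the value just found to contain `/` or NUL and may also carry other non-printable bytes that `\S+` accepts. How `fatal` emits the message is outside this hunk, but if it reaches a terminal or a log unfiltered, the untrusted bytes go with it. Consider printing a sanitised copy, e.g. `(my $shown = $file) =~ s/[^\x20-\x7e]/?/g;`, and interpolating `$shown` in the message; the identical message in the `.changes` hunk would take the same change. The surrounding `if` block continues past the end of this hunk.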