Format: 1.7
Date: Thu, 19 Dec 2002 00:31:10 -0500
Source: rpm
Binary: rpm librpm-dev lsb-rpm librpm4
Architecture: source i386
Version: 4.0.4-14
Distribution: unstable
Urgency: medium
Maintainer: Joey Hess <[EMAIL PROTECTED]>
Changed-By: Joey Hess <[EMAIL PROTECTED]>
Description:
 librpm-dev - RPM shared library, development kit
 librpm4    - RPM shared library
 lsb-rpm    - Red Hat package manager for LSB package building
 rpm        - Red Hat package manager
Closes: 173242 173502
Changes:
 rpm (4.0.4-14) unstable; urgency=MEDIUM
 .
   * Minor security fixes spotted by Paul Szabo.
     - cpanflute: check mkdir call and abort on failure
     - cross-build: drop the files into ~/srpms/done, not /tmp/srpms/done;
       but of course this is just an example script like it says
     - rpmdiff.cgi: like so many CGI scripts, this is utter insecure crap
       (use viewcvs); removed from binary package. Added note that it is
       completely insecure to source and make it die on startup.
       (Maximum impact: execution of arbitrary code as user cgi script
       runs as.)
     - vpkg-provides.sh, vpkg-provides2.sh: Use tempfile(1) for safe
       creation of all temporary files. Many changes and untested. These
       scripts do not work on linux anyway.
     None of the above programs were ever run by rpm when building
     packages. Therefore these security holes are unlikely to have
     impacted casual RPM users. Closes: #173242 (also sent upstream)
   * rpmio.h ifdef fix for glibc 2.3. Closes: #173502
Files:
 b485ad85ad3220925f12229f7012e746 703 admin optional rpm_4.0.4-14.dsc
 f8e4abe3526f63ccedf0e085754734c6 19637 admin optional rpm_4.0.4-14.diff.gz
 81cdafe2caa8d6cd89e948e331ecd775 514014 admin optional rpm_4.0.4-14_i386.deb
 f7618aef71c7930f9149d2f376360244 742824 devel optional lsb-rpm_4.0.4-14_i386.deb
 b37e36926867ccb6686ec42683ebbce9 344626 libs optional librpm4_4.0.4-14_i386.deb
 0167535fe4e2ac2c3bfd3ae8efc41614 415044 devel extra librpm-dev_4.0.4-14_i386.deb

Accepted:
librpm-dev_4.0.4-14_i386.deb
  to pool/main/r/rpm/librpm-dev_4.0.4-14_i386.deb
librpm4_4.0.4-14_i386.deb
  to pool/main/r/rpm/librpm4_4.0.4-14_i386.deb
lsb-rpm_4.0.4-14_i386.deb
  to pool/main/r/rpm/lsb-rpm_4.0.4-14_i386.deb
rpm_4.0.4-14.diff.gz
  to pool/main/r/rpm/rpm_4.0.4-14.diff.gz
rpm_4.0.4-14.dsc
  to pool/main/r/rpm/rpm_4.0.4-14.dsc
rpm_4.0.4-14_i386.deb
  to pool/main/r/rpm/rpm_4.0.4-14_i386.deb