The annotated tag, 2.5.10.5 has been created
        at  2f62d54c965d8ce6fa10ea1cc162e89811ee35e7 (tag)
   tagging  e0dc594b47a0c4d23c7fc7448c8824b69f656b71 (commit)
  replaces  2.5.10.4
 tagged by  Niels Thykier
        on  Tue Apr 16 17:44:54 2013 +0200

- Shortlog ------------------------------------------------------------
Release lintian/2.5.10.5 into unstable

Format: 1.8
Date: Fri, 05 Apr 2013 17:15:00 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.10.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <[email protected]>
Changed-By: Niels Thykier <[email protected]>
Description:
 lintian    - Debian package checker
Changes:
 lintian (2.5.10.5) unstable; urgency=medium
 .
   * checks/*:
     + [NT] Avoid following unsafe symlinks.  (CVE-2013-1429)
   * checks/debconf:
     + [NT] Fix several path traversal issues that could leak
       information about the host system.  (CVE-2013-1429)
   * checks/init.d:
     + [NT] Fix possible symlink traversal that could leak
       information about the host system.  (CVE-2013-1429)
   * checks/md5sums:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
   * checks/menus:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
   * checks/po-debconf:
     + [NT] Unconditionally set INTLTOOL_EXTRACT.
   * checks/shared-libs:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
 .
   * collection/*:
     + [NT] Avoid reading files outside the package root.
       (CVE-2013-1429)
   * collection/{changelog-file,debian-readme}:
     + [NT] Ignore files in usr/doc/<pkg>.
     + [NT] Skip collection if usr/share/doc/<pkg> is not contained
       within the package root.  (CVE-2013-1429)
 .
   * lib/Lintian/Collect/Package.pm:
     + [NT] When a check requests access to a raw file (or dir) in the
       package, ensure that the resulting path does not "escape" the
       top level directory.  This should preemptively guard against some
       (but not all) traversal attempts.
   * lib/Lintian/Util.pm:
     + [NT] Add sub to check if a path is contained within a given dir.

Niels Thykier (15):
      c/md5sums: Skip check if the md5sums file is a symlink
      c/debconf: Check the sanity of the Binaries field
      c/debconf: Before opening files, check they are not symlinks
      c/init.d: Guard against possible symlink traversals
      c/menus: Skip maintscripts that are symlink
      c/shared-libs: Ignore maintscript that are symlinks
      L::Util: Add is_ancestor_of function
      coll/changelog-file: Check usr/share/doc/<pkg> is safe
      coll/debian-readme: Check that usr/share/doc/<pkg> is safe
      coll/*: Fix traversal via symlink in multiple collections
      checks/*: Check for symlinks before opening files
      checks/po-debconf: Set INTLTOOL_EXTRACT unconditionally
      L::C::Package: Check filenames for possible traversals
      d/changelog: Add reference to CVE-2013-1429
      Release lintian/2.5.10.5 into unstable

-----------------------------------------------------------------------

-- 
Debian package checker
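
The containment check described in the lib/Lintian/Util.pm and lib/Lintian/Collect/Package.pm entries, sketched in Python as an added example. It is not Lintian's Perl code; the function names and the sample package tree are constructed for illustration.

```python
import os
import tempfile

def is_contained(root, candidate):
    """True if candidate, after resolving symlinks, lies at or below root."""
    root_real = os.path.realpath(root)
    cand_real = os.path.realpath(candidate)
    # commonpath compares whole components, so /x/pkg-evil is not "inside" /x/pkg
    # (a plain string-prefix test would wrongly accept it).
    return os.path.commonpath([root_real, cand_real]) == root_real

def resolve_in_package(root, member):
    """Return the real path of a package member, or None if it escapes root."""
    path = os.path.join(root, member.lstrip("/"))
    return os.path.realpath(path) if is_contained(root, path) else None

def build_sample_tree(base):
    """Constructed sample: an unpacked package with benign and unsafe symlinks."""
    root = os.path.join(base, "pkg")
    os.makedirs(os.path.join(root, "DEBIAN"))
    os.makedirs(os.path.join(root, "usr/share/doc/pkg"))
    os.makedirs(os.path.join(base, "pkg-evil"))  # sibling sharing the "pkg" prefix
    for name in (os.path.join(root, "usr/share/doc/pkg/changelog"),
                 os.path.join(base, "pkg-evil/secret")):
        with open(name, "w") as fh:
            fh.write("constructed sample\n")
    deb = os.path.join(root, "DEBIAN")
    os.symlink("/etc/passwd", os.path.join(deb, "md5sums"))              # absolute
    os.symlink("../../pkg-evil/secret", os.path.join(deb, "templates"))  # relative
    os.symlink("../usr/share/doc/pkg/changelog", os.path.join(deb, "ok"))  # internal
    return root

def check_sample():
    """Map each sample member to whether a checker may safely open it."""
    members = ["usr/share/doc/pkg/changelog", "DEBIAN/ok", "DEBIAN/md5sums",
               "DEBIAN/templates", "../pkg-evil/secret"]
    with tempfile.TemporaryDirectory() as base:
        root = build_sample_tree(base)
        return {m: resolve_in_package(root, m) is not None for m in members}

if __name__ == "__main__":
    for member, ok in check_sample().items():
        print(("read " if ok else "skip ") + member)
```

The answer holds only while the unpacked tree is not modified between the check and the open.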

