The following commit has been merged in the squeeze branch:
commit bf281f3a2318143983891078de0637d915deaaed
Author: James McCoy <[email protected]>
Date: Sun Aug 26 11:39:23 2012 -0400
releasing version 2.10.69+squeeze3
diff --git a/debian/changelog b/debian/changelog
index 3458441..4ac3d67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+devscripts (2.10.69+squeeze3) stable-security; urgency=high
+
+ * annotate-output: Fix to prevent symlink attack: don't delete
+ safely-created file and reuse its name. Instead, create temporary
+ directory and create FIFOs therein. Also, be sure to remove temporaries
+ upon catchable signal. Thanks to Jim Meyering for the patch. Fixes
+ CVE-2012-3500.
+
+ -- James McCoy <[email protected]> Sun, 26 Aug 2012 11:38:43 -0400
+
devscripts (2.10.69+squeeze2) squeeze-security; urgency=high
[ Adam D. Barratt ]
--
Git repository for devscripts
_______________________________________________
devscripts-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
