This is an automated email from the git hooks/post-receive script. jamessan pushed a commit to branch master in repository devscripts.
commit 2810d99b1aaa6445bc2ea6f3f8a33045780daa6b Author: James McCoy <[email protected]> Date: Mon Dec 16 23:39:46 2013 -0500 Document uscan security fixes, CVE-2013-6888 and CVE-2013-7085 Signed-off-by: James McCoy <[email protected]> --- debian/changelog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index 118938b..d5805a3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,16 @@ devscripts (2.13.9) UNRELEASED; urgency=low + [ Martin Pitt ] * autopkgtest: Add "allow-stderr" restriction to avoid failing tests because of the HTTP server log on stderr. + [ James McCoy ] + * uscan: + + Repack the tarball and verify it is a compressed archive without + allowing arbitrary code execution. Fixes CVE-2013-6888. + + Use find's -exec to call rm directly instead of piping to xargs. + (Closes: #732006, CVE-2013-7085) + -- Martin Pitt <[email protected]> Thu, 12 Dec 2013 11:08:27 +0100 devscripts (2.13.8) unstable; urgency=medium -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git _______________________________________________ devscripts-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/devscripts-devel
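Review bot: The header context line `devscripts (2.13.9) UNRELEASED; urgency=low` is left unchanged even though the added uscan entries document two CVE fixes, one of them described as closing arbitrary code execution. Consider raising the urgency before the upload; the previous entry, 2.13.8, already used `urgency=medium`. As a smaller style point, the two new items cite their CVEs differently: the first writes "Fixes CVE-2013-6888." as a sentence, while the second places CVE-2013-7085 inside the `(Closes: #732006, ...)` parenthesis. Using one form for both would keep the changelog consistent and easier to search.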
