devscripts (2.10.61ubuntu5.1) lucid-security; urgency=low
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Date: Wed, 15 Feb 2012 03:33:39 -0600
Changed-By: Tyler Hicks <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/devscripts/2.10.61ubuntu5.1
Format: 1.8
Date: Wed, 15 Feb 2012 03:33:39 -0600
Source: devscripts
Binary: devscripts
Architecture: source
Version: 2.10.61ubuntu5.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Tyler Hicks <[email protected]>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Changes:
devscripts (2.10.61ubuntu5.1) lucid-security; urgency=low
.
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
and .changes files
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Raphael Geissert for the original patch.
- CVE-2012-0210
* SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
level directory of the original upstream source tarball
- scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
Adam D. Barratt for the original patch.
- CVE-2012-0211
* SECURITY UPDATE: Arbritray code execution via crafted filenames in
arguments passed to debdiff
- scripts/debdiff.pl: Perform input sanitization on filenames. Based on
upstream patches.
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
-
http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
- CVE-2012-0212
* scripts/debdiff.pl: Remove undocumented functionality which treated
files with extentionless filenames as packages. Thanks to Adam D. Barratt
for the original patch.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Checksums-Sha1:
a6e9c9dff78052debe3f0c90ff80ce0417e7b312 2168 devscripts_2.10.61ubuntu5.1.dsc
0e388c2640770b6794110e013fbade1980bee075 703733
devscripts_2.10.61ubuntu5.1.tar.gz
Checksums-Sha256:
80fdaa5f0d0a78c676f492d37945ca44bb5897cd9852b82a82a7577bfce43cc2 2168
devscripts_2.10.61ubuntu5.1.dsc
f0bc2a92f5eb527ea72b488bc7bc13b69693e719fe86d3ada8d5c34e1145ebaa 703733
devscripts_2.10.61ubuntu5.1.tar.gz
Files:
270f38ccdcb7fc4fe24b193a57941554 2168 devel optional
devscripts_2.10.61ubuntu5.1.dsc
4d10233d1b1a2ea10a97a3f10c3d05d0 703733 devel optional
devscripts_2.10.61ubuntu5.1.tar.gz
Original-Maintainer: Devscripts Devel Team <[email protected]>
--
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
