Your message dated Wed, 15 Feb 2012 19:48:27 +0000
with message-id <[email protected]>
and subject line Bug#659946: fixed in devscripts 2.11.4
has caused the Debian Bug report #659946,
regarding [suspicious-source]: flags "empty files" as suspicious
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
659946: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659946
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: devscripts
Version: 2.11.3
Severity: minor
"""
$ ls
$ touch file
$ suspicious-source
./file
"""
In one of the packages I have reviewed (eclipse-mylyn), the majority
of the result was empty files. I suspect upstream used them to keep
otherwise empty directories in their git repository.
~Niels,
--- End Message ---
--- Begin Message ---
Source: devscripts
Source-Version: 2.11.4
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive:
devscripts_2.11.4.dsc
to main/d/devscripts/devscripts_2.11.4.dsc
devscripts_2.11.4.tar.gz
to main/d/devscripts/devscripts_2.11.4.tar.gz
devscripts_2.11.4_amd64.deb
to main/d/devscripts/devscripts_2.11.4_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam D. Barratt <[email protected]> (supplier of updated devscripts
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 15 Feb 2012 19:19:31 +0000
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.11.4
Distribution: unstable
Urgency: high
Maintainer: Devscripts Devel Team <[email protected]>
Changed-By: Adam D. Barratt <[email protected]>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 601951 659559 659946 659966
Changes:
devscripts (2.11.4) unstable; urgency=high
.
* Urgency "high" for security fixes.
.
[ James McCoy ]
* bts: Revert usertags' handling of more than one +/-/=. Only the first one
is relevant.
.
[ Ryan Niebur ]
* dget: when finding the sources.list entry for the repository to
download a package from, match any port with the correct hostname
because apt-cache policy does not output port numbers in URLs
(Closes: #601951)
.
[ Adam D. Barratt ]
* debdiff:
+ Fix a regression in the handling of embedded tarballs (a side
effect of the changes introduced to resolve #571528).
+ Extend the changes from #571528 to cover more situations where
user or file input is passed to an external program. Fixes
CVE-2012-2012 (and any instance of CVE-2012-2011 not already
covered by #571528).
.
[ Paul Wise ]
* suspicious-source: Also ignore mercurial and darcs VCS directories
(Closes: #659966).
.
[ Benjamin Drung ]
* suspicious-source: Add inode/x-empty to whitelist of MIME types
(Closes: #659946).
.
[ Raphael Geissert ]
* debdiff:
+ Remove undocumented feature treating extensionless files as if
they were packages (Closes: #659559)
+ Add missing chdir for dpkg-source and remove extraneous quoting
of --exclude parameters.
+ Fix CVE-2012-0210 (insufficient input sanitising reading .dsc
and .changes files).
Checksums-Sha1:
9d1b2f78c6d772d85caae95fa95421e58e3c1fde 2264 devscripts_2.11.4.dsc
b0114a50b89f9197846bf78283ee9ef3803658ec 767426 devscripts_2.11.4.tar.gz
21aea3a3e10c66f759234051f48e2f5528820e5d 700988 devscripts_2.11.4_amd64.deb
Checksums-Sha256:
db60d2fdff1468a1cf47b0011fd3dffe48c0f38037348db7c73a0aa618145b78 2264
devscripts_2.11.4.dsc
bff276ce6dcdc0cb636b0bf5dee62fb5750afb7d46fc6fa4578784a56050db05 767426
devscripts_2.11.4.tar.gz
f0ba8d7b3e245c765a1e6e72a31e97cd8797651a74d524e0894c13e081c0a0dd 700988
devscripts_2.11.4_amd64.deb
Files:
c9f82e1988b87b45256397df72613765 2264 devel optional devscripts_2.11.4.dsc
cdfbf28c556ea3b82097ae18579d4503 767426 devel optional devscripts_2.11.4.tar.gz
feaf99fe177ae297af4ce7665e245cdf 700988 devel optional
devscripts_2.11.4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJPPAoLAAoJEMXOXcLFQs1Z0a8QAK7C1WVYr1X3KmLDUfo6v/AM
Ua6HpXeENLUXkvAI9FRxXw0FEHc0GJWIgpChKBkfrmk0S4FIjWp6V0eWw9xc4b8+
wxWcEF6tkBIgb1k87db9SGqNVOifJWysjzLgfMG6HcBhBywgOyHyV4z4r0gEBc36
A4M6J/baiHXSbgOYuDW1MkRqcf6fta2O03WcYsPo3bMWt2712RWFk9lFF0hfk/59
+WbIly4Zy4WiHtRpqQlJ3D1B3l/bBznxvptP85H+StSs24M5woQ7KE+W1I0gH59r
a4Rol+DlW8gvPwG4M4F9LxgBY3L9dGzQmqRiBKbZDmfVSCTQTx/xHHumgGwfeSZ3
e2q0AmRcIe10x4WR98q5vR7IwHmruhg7Exxaw8jT3Hdf31Z97H+RK6Rj4iqvfu0X
ldKItbwTkjs3roLL5AD6q7PkxYW85zQ21ttNwbs+WUtmLmqTJiRUC8UlpJRGzJlu
+39dN4ctz1aJnuri2xKDFJ8GtsUN6QNJXUF6/guvQoDtBlfKD/7FiAjIcWyuUKM9
2QCMJ3Kbn6g5D0pHVE0PTZ7UP16AsPMnGBm4ACJ2EZNbKDo6sh7xJhvVHH6DeXDy
BXNjgRWshIgRSQ1nCkQYkxP8j3Sm1XQCXgL5+uncLX4611NjfJtQz6y4zWDIa9j/
CjADTuKD4coLESwBB499
=87Fn
-----END PGP SIGNATURE-----
--- End Message ---
