Your message dated Wed, 15 Feb 2012 23:17:09 +0000
with message-id <[email protected]>
and subject line Bug#659559: fixed in devscripts 2.10.69+squeeze2
has caused the Debian Bug report #659559,
regarding debdiff: multiple bugs in handling of extension-less .deb files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
659559: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: devscripts
Version: 2.10.71
Severity: minor
User: [email protected]
Usertags: debdiff
Hi,
Debdiff's handling of files that do not end in \.(u?deb|dsc|changes)$ is:
a) undocumented
b) bogus, as one may end up comparing a .changes and a .deb
"b)" can be triggered by running:
    debdiff deb_file_that_doesn\'t_end_in_common_exts a.changes
`file $ARGV[0]` =~ /Debian/ (in line 321) sets $type to 'deb', but the check
for the second file doesn't fail because there's an incorrect exclusion:
    unless ($type eq 'deb' and `file $ARGV[0]` =~ /Debian/) {
I guess the second call to file(1) was meant to check $ARGV[1].
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
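
The check described in the report above, as an added example that is not part of the original message and is not debdiff's code. It models the extension test plus the content fallback, with is_deb() (a hypothetical helper that reads the ar header) standing in for the file(1) call, and compares the guard as reported with the guard probing the second file. Per the changelog further down, the actual upload removed the extension-less fallback altogether.

```perl
# Added example: simplified model of the type check from the bug report.
# Not debdiff's code; is_deb() stands in for `file ... =~ /Debian/`.
use strict;
use warnings;
use File::Temp qw(tempdir);

# A .deb is an ar archive whose first member is named "debian-binary".
sub is_deb {
    my ($path) = @_;
    open(my $fh, '<:raw', $path) or return 0;
    my $n = read($fh, my $head, 21);
    close($fh);
    return (defined $n && $head eq "!<arch>\ndebian-binary") ? 1 : 0;
}

# Type from the extension, else fall back to sniffing the content.
sub type_of {
    my ($path) = @_;
    return $1 if $path =~ /\.(u?deb|dsc|changes)$/;
    return is_deb($path) ? 'deb' : undef;
}

# $probe_second = 0: fallback re-tests the first file (the reported bug).
# $probe_second = 1: fallback tests the second file (the reporter's reading).
sub accepts_pair {
    my ($first, $second, $probe_second) = @_;
    my $type = type_of($first);
    return 0 unless defined $type;
    return 1 if $second =~ /\.\Q$type\E$/;
    my $probe = $probe_second ? $second : $first;
    return ($type eq 'deb' && is_deb($probe)) ? 1 : 0;
}

sub write_file {
    my ($path, $data) = @_;
    open(my $fh, '>:raw', $path) or die "$path: $!";
    print {$fh} $data;
    close($fh) or die "$path: $!";
}

# Constructed inputs: extension-less file with a .deb header, and a text a.changes.
my $dir = tempdir(CLEANUP => 1);
write_file("$dir/pkg_noext", "!<arch>\ndebian-binary   constructed");
write_file("$dir/a.changes", "Format: 1.8\nSource: constructed\n");

for my $mode (0, 1) {
    printf "probe %s file: pair %s\n", $mode ? 'second' : 'first',
        accepts_pair("$dir/pkg_noext", "$dir/a.changes", $mode) ? 'accepted' : 'rejected';
}
```
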
--- Begin Message ---
Source: devscripts
Source-Version: 2.10.69+squeeze2
We believe that the bug you reported is fixed in the latest version of
devscripts, which is due to be installed in the Debian FTP archive:
devscripts_2.10.69+squeeze2.dsc
to main/d/devscripts/devscripts_2.10.69+squeeze2.dsc
devscripts_2.10.69+squeeze2.tar.gz
to main/d/devscripts/devscripts_2.10.69+squeeze2.tar.gz
devscripts_2.10.69+squeeze2_amd64.deb
to main/d/devscripts/devscripts_2.10.69+squeeze2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Adam D. Barratt <[email protected]> (supplier of updated devscripts
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 14 Feb 2012 10:26:14 +0000
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.10.69+squeeze2
Distribution: squeeze-security
Urgency: high
Maintainer: Devscripts Devel Team <[email protected]>
Changed-By: Adam D. Barratt <[email protected]>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 659559
Changes:
devscripts (2.10.69+squeeze2) squeeze-security; urgency=high
.
[ Adam D. Barratt ]
* debdiff: Fix CVE-2012-0211 and CVE-2012-0212 (argument injection /
modification)
.
[ Raphael Geissert ]
* debdiff:
+ Fix CVE-2012-0210 (insufficient input sanitising reading .dsc
and .changes files)
+ Remove undocumented feature treating extensionless files as if
they were packages (Closes: #659559)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---