The following commit has been merged in the squeeze branch:
commit 9a52dbad4f0c6eb46f098260a2c724fb657e1377
Author: Raphael Geissert <[email protected]>
Date: Mon Feb 13 07:27:00 2012 +0000
debdiff: Fix CVE-2012-0210 (insufficient input sanitising)
Signed-off-by: Adam D. Barratt <[email protected]>
diff --git a/scripts/debdiff.pl b/scripts/debdiff.pl
index 1ba66f5..980ef41 100755
--- a/scripts/debdiff.pl
+++ b/scripts/debdiff.pl
@@ -401,7 +401,12 @@ elsif ($type eq 'changes' or $type eq 'debs') {
last if $infiles and /^[^ ]/;
/^Files:/ and $infiles=1, next;
next unless $infiles;
- / (\S*.u?deb)$/) && push @debs, dirname($changes) . '/' . $1;
+ if (/ (\S*.u?deb)$/) {
+ my $file = $1;
+ $file !~ m,[/\x00],
+ or fatal "File name contains invalid characters: $file";
+ push @debs, dirname($changes) . '/' . $file;
+ }
}
close CHANGES
or fatal "Problem reading $changes: $!";
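Review bot: The pattern on the added `if (/ (\S*.u?deb)$/) {` line leaves the dot before `u?deb` unescaped, so it matches any character, including a space, and the captured name is looser than a real `.deb`/`.udeb` suffix; `if (/ (\S*\.u?deb)$/) {` would tighten it. The new check is also a deny-list of only `/` and NUL, so a name that starts with `-` or contains other special characters still reaches `@debs`. Whether that matters depends on how `@debs` is consumed, which is outside this hunk, but an allow-list match anchored with `\A` and `\z` would be the safer default. The same deny-list is repeated in the `dsc` hunk, and the enclosing loop starts before this hunk.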
@@ -492,6 +497,8 @@ elsif ($type eq 'dsc') {
# This had better match
if (/^\s+[0-9a-f]{32}\s+\d+\s+(\S+)$/) {
my $file = $1;
+ $file !~ m,[/\x00],
+ or fatal "File name contains invalid characters: $file";
if ($file =~ /\.diff\.gz$/) {
$diffs[$i] = cwd() . '/' . $file;
}
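Review bot: The check added after `my $file = $1;` carries no comment saying why `/` and NUL are rejected, and it is a verbatim copy of the check in the `changes`/`debs` branch. A short comment such as `# Names are read from the .dsc and joined to cwd(); accept plain file names only` would record the intent for the next maintainer. Moving both copies into one small helper sub would keep the two branches from drifting apart if the rule is tightened later. The surrounding `if` and the loop around it continue outside the hunk.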
--
Git repository for devscripts