Yep, I'm right. control file:

    Package: backup
    Architecture: %08x.%08x.%08x.%08x.%08x\n
    Description: Stuff
    maintainer: Joshua Rogers
    version: 1

    # dpkg-deb/dpkg-deb --build /var/tmp/ok/
    dpkg-deb: warning: parsing file '/var/tmp/ok//DEBIAN/control' near line 2 package 'backup:015fd150.00449f58.00000001.00000001.0000001a\n': '�D' is not a valid architecture name: %08x.%08x.%08x.%08x.%08x\n
    dpkg-deb: warning: ignoring 1 warning about the control file(s)
    dpkg-deb: building package `backup:%08x.%08x.%08x.%08x.%08x\n' in `/var/tmp/ok.deb'.

    # dpkg -i ok.deb
    dpkg: warning: parsing file '/var/lib/dpkg/available' near line 11413 package 'backup:017a1e00.00431828.00000001.00000001.0000001c\n': '%08x.%08x.%08x.%08x.%08x\n Version: 1 Size: 514 Description: Stuff
    [....]

(full: http://pastebin.com/qetcDngk )

Unsure if signing of the .deb files happens before or after the parsing of the file -- AKA whether or not a MITM attack could be used, if the listing of architecture is done before or after checking of the signature.

I won't be testing that though.

-- 
https://bugs.launchpad.net/bugs/1389135

Title:
  dpkg / dpkg-deb segfault -- possible format string bug/vuln?
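
The symptom in the output above (the `%08x` specifiers from the Architecture field coming back as hex words) is what a two-stage warning path produces when an already-built message is reused as a format string. The following is an added example, not code from the original report and not dpkg source; `warn`, `arch_name_ok`, `report_unsafe`, `report_safe` and the name rule are hypothetical.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style warning sink. Declaring it with
 * __attribute__((format(printf, 3, 4))) lets gcc/clang check its callers. */
static int warn(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Assumed rule for this sketch: [a-z0-9][a-z0-9-]*, so '%' never passes. */
int arch_name_ok(const char *s)
{
    if (!(islower((unsigned char)s[0]) || isdigit((unsigned char)s[0])))
        return 0;
    for (; *s; s++)
        if (!(islower((unsigned char)*s) || isdigit((unsigned char)*s) || *s == '-'))
            return 0;
    return 1;
}

/* UNSAFE: stage 1 embeds the field in msg, stage 2 passes msg as the
 * format, so any '%' directive inside the field is interpreted. */
int report_unsafe(char *out, size_t n, const char *arch)
{
    char msg[256];
    snprintf(msg, sizeof msg, "'%s' is not a valid architecture name", arch);
    return warn(out, n, msg);
}

/* SAFE: the built message is only ever an argument to a constant format. */
int report_safe(char *out, size_t n, const char *arch)
{
    char msg[256];
    snprintf(msg, sizeof msg, "'%s' is not a valid architecture name", arch);
    return warn(out, n, "%s", msg);
}
```

With the control file's Architecture value as input, `report_safe` echoes the specifiers literally, while `report_unsafe` would hand them to `vsnprintf` with no matching arguments.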
