Publishing details

Published on 2016-05-24
Copied from ubuntu trusty in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

tardiff (0.1-2+deb8u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

tardiff (0.1-2+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add fix for shell command injection via tar filename itself.
    This fix is as well part of the CVE-2015-0857 assignment but was
    previously missed.

tardiff (0.1-2+deb8u1) jessie-security; urgency=high

  * Add patch to fix miscalculated statistics. (Closes: #802098)
  * Add patches to fix two security issues:
    + CVE-2015-0857: shell command injection through file names
    + CVE-2015-0858: /tmp race condition in handling temporary directory
    Issues found and reported by Rainer Müller and Florian Weimer.
    Additional necessary changes:
    + Add new run-time dependency on libtext-diff-perl.

 -- Marc Deslauriers <email address hidden>  Tue, 24 May 2016 09:23:53 -0400

Available diffs

diff from 0.1-2 (in Debian) to 0.1-2+deb8u2build0.14.04.1 (2.3 KiB)

Builds

i386

Built packages

tardiff Tarball comparison tool

Package files

tardiff_0.1-2+deb8u2build0.14.04.1.debian.tar.gz (5.0 KiB)
tardiff_0.1-2+deb8u2build0.14.04.1.dsc (1.8 KiB)
tardiff_0.1-2+deb8u2build0.14.04.1_all.deb (5.5 KiB)
tardiff_0.1.orig.tar.bz2 (1.9 KiB)