“devscripts” 2.10.69ubuntu2.1 source package in The Natty Narwhal

Publishing history

2.10.69ubuntu2.1
SUPERSEDED: Natty pocket Updates in component main and section devel
  • Removed from disk on 2012-10-04.
  • Removal requested on 2012-10-03.
  • Superseded on 2012-10-02 by devscripts - 2.10.69ubuntu2.2
  • Published on 2012-02-15
  • Copied from ubuntu natty in Private PPA for Ubuntu Security Team
2.10.69ubuntu2.1
SUPERSEDED: Natty pocket Security in component main and section devel
  • Removed from disk on 2012-10-04.
  • Removal requested on 2012-10-03.
  • Superseded on 2012-10-02 by devscripts - 2.10.69ubuntu2.2
  • Published on 2012-02-15
  • Copied from ubuntu natty in Private PPA for Ubuntu Security Team

Changelog

devscripts (2.10.69ubuntu2.1) natty-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
    and .changes files
    - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
      Raphael Geissert for the original patch.
    - CVE-2012-0210
  * SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
    level directory of the original upstream source tarball
    - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
      Adam D. Barratt for the original patch.
    - CVE-2012-0211
  * SECURITY UPDATE: Arbitrary code execution via crafted filenames in
    arguments passed to debdiff
    - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
      upstream patches.
    - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
    - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
    - CVE-2012-0212
  * scripts/debdiff.pl: Remove undocumented functionality which treated
    files with extensionless filenames as packages. Thanks to Adam D. Barratt
    for the original patch.
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
 -- Tyler Hicks <email address hidden>   Wed, 15 Feb 2012 03:33:44 -0600