Format: 1.8
Date: Wed, 15 Feb 2012 03:33:44 -0600
Source: devscripts
Binary: devscripts
Architecture: i386 i386_translations
Version: 2.10.69ubuntu2.1
Distribution: natty
Urgency: low
Maintainer: Ubuntu/i386 Build Daemon <buildd@zirconium.buildd>
Changed-By: Tyler Hicks <tyhicks@canonical.com>
Description: 
 devscripts - scripts to make the life of a Debian Package maintainer easier
Changes: 
 devscripts (2.10.69ubuntu2.1) natty-security; urgency=low
 .
   * SECURITY UPDATE: Arbitrary code execution via crafted filenames in .dsc
     and .changes files
     - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
       Raphael Geissert for the original patch.
     - CVE-2012-0210
   * SECURITY UPDATE: Arbitrary code execution via crafted filenames in the top
     level directory of the original upstream source tarball
     - scripts/debdiff.pl: Perform input sanitization on filenames. Thanks to
       Adam D. Barratt for the original patch.
     - CVE-2012-0211
   * SECURITY UPDATE: Arbritray code execution via crafted filenames in
     arguments passed to debdiff
     - scripts/debdiff.pl: Perform input sanitization on filenames. Based on
       upstream patches.
     - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=87f88232eb643f0c118c6ba38db8e966915b450f
     - http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commitdiff;h=76227af1ee8d68f4844f642325eac903ca21e739
     - CVE-2012-0212
   * scripts/debdiff.pl: Remove undocumented functionality which treated
     files with extentionless filenames as packages. Thanks to Adam D. Barratt
     for the original patch.
     - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=659559
Checksums-Sha1: 
 2c83968b88da70f41ee9321a19d89965e3f1b371 572036 devscripts_2.10.69ubuntu2.1_i386.deb
 9153432cee5b09877caa253373a228af8cf1d164 289294 devscripts_2.10.69ubuntu2.1_i386_translations.tar.gz
Checksums-Sha256: 
 6819e1c824e1737becf0f4cbba4538a44955ebf02b7fd6cdff9b54d09a2a0f72 572036 devscripts_2.10.69ubuntu2.1_i386.deb
 67bcee0bdc07b38a673d154ab746f39484279ab102336a78b2d2abc484204d41 289294 devscripts_2.10.69ubuntu2.1_i386_translations.tar.gz
Files: 
 e13a53932bd43fb3baaed5d103e2aeaa 572036 devel optional devscripts_2.10.69ubuntu2.1_i386.deb
 a22d56edb671604b4c2aef1673dd0848 289294 raw-translations - devscripts_2.10.69ubuntu2.1_i386_translations.tar.gz
Original-Maintainer: Devscripts Devel Team <pkg-devscripts@teams.debian.net>