Accepted rpm 4.0.4-14 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 19 Dec 2002 00:31:10 -0500
Source: rpm
Binary: rpm librpm-dev lsb-rpm librpm4
Architecture: source i386
Version: 4.0.4-14
Distribution: unstable
Urgency: medium
Maintainer: Joey Hess <joeyh@debian.org>
Changed-By: Joey Hess <joeyh@debian.org>
Description:
librpm-dev - RPM shared library, development kit
librpm4 - RPM shared library
lsb-rpm - Red Hat package manager for LSB package building
rpm - Red Hat package manager
Closes: 173242 173502
Changes:
rpm (4.0.4-14) unstable; urgency=MEDIUM
.
* Minor security fixes spotted by Paul Szabo.
- cpanflute: check mkdir call and abort on failure
- cross-build: drop the files into ~/srpms/done, not /tmp/srpms/done; but
of course this is just an example script like it says
- rpmdiff.cgi: like so many CGI scripts, this is utter insecure crap (use
viewcvs); removed from binary package. Added note that it is completely
insecure to source and make it die on startup. (Maximum impact:
execution of arbitrary code as user cgi script runs as.)
- vpkg-provides.sh, vpkg-provides2.sh: Use tempfile(1) for safe creation
of all temporary files. Many changes and untested. These scripts do not
work on linux anyway.
None of the above programs were ever run by rpm when building packages.
Therefore these security holes are unlikely to have impacted casual RPM
users.
Closes: #173242 (also sent upstream)
* rpmio.h ifdef fix for glibc 2.3. Closes: #173502
Files:
b485ad85ad3220925f12229f7012e746 703 admin optional rpm_4.0.4-14.dsc
f8e4abe3526f63ccedf0e085754734c6 19637 admin optional rpm_4.0.4-14.diff.gz
81cdafe2caa8d6cd89e948e331ecd775 514014 admin optional rpm_4.0.4-14_i386.deb
f7618aef71c7930f9149d2f376360244 742824 devel optional lsb-rpm_4.0.4-14_i386.deb
b37e36926867ccb6686ec42683ebbce9 344626 libs optional librpm4_4.0.4-14_i386.deb
0167535fe4e2ac2c3bfd3ae8efc41614 415044 devel extra librpm-dev_4.0.4-14_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+Aenv2tp5zXiKP0wRApKeAJ9etCIdvpgTl43B6S1ESAaDQa/u/QCfSl8Y
57AUd/jSXzNb7kXsAt7c1Ro=
=o/fQ
-----END PGP SIGNATURE-----
Accepted:
librpm-dev_4.0.4-14_i386.deb
to pool/main/r/rpm/librpm-dev_4.0.4-14_i386.deb
librpm4_4.0.4-14_i386.deb
to pool/main/r/rpm/librpm4_4.0.4-14_i386.deb
lsb-rpm_4.0.4-14_i386.deb
to pool/main/r/rpm/lsb-rpm_4.0.4-14_i386.deb
rpm_4.0.4-14.diff.gz
to pool/main/r/rpm/rpm_4.0.4-14.diff.gz
rpm_4.0.4-14.dsc
to pool/main/r/rpm/rpm_4.0.4-14.dsc
rpm_4.0.4-14_i386.deb
to pool/main/r/rpm/rpm_4.0.4-14_i386.deb