
Accepted rpm 4.0.4-14 (i386 source)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 19 Dec 2002 00:31:10 -0500
Source: rpm
Binary: rpm librpm-dev lsb-rpm librpm4
Architecture: source i386
Version: 4.0.4-14
Distribution: unstable
Urgency: medium
Maintainer: Joey Hess <joeyh@debian.org>
Changed-By: Joey Hess <joeyh@debian.org>
Description: 
 librpm-dev - RPM shared library, development kit
 librpm4    - RPM shared library
 lsb-rpm    - Red Hat package manager for LSB package building
 rpm        - Red Hat package manager
Closes: 173242 173502
Changes: 
 rpm (4.0.4-14) unstable; urgency=MEDIUM
 .
   * Minor security fixes spotted by Paul Szabo.
     - cpanflute: check mkdir call and abort on failure
     - cross-build: drop the files into ~/srpms/done, not /tmp/srpms/done; but
       of course this is just an example script like it says
     - rpmdiff.cgi: like so many CGI scripts, this is utter insecure crap (use
       viewcvs); removed from binary package. Added note that it is completely
       insecure to source and make it die on startup. (Maximum impact:
       execution of arbitrary code as user cgi script runs as.)
     - vpkg-provides.sh, vpkg-provides2.sh: Use tempfile(1) for safe creation
       of all temporary files. Many changes and untested. These scripts do not
       work on linux anyway.
     None of the above programs were ever run by rpm when building packages.
     Therefore these security holes are unlikely to have impacted casual RPM
     users.
     Closes: #173242 (also sent upstream)
   * rpmio.h ifdef fix for glibc 2.3. Closes: #173502
Files: 
 b485ad85ad3220925f12229f7012e746 703 admin optional rpm_4.0.4-14.dsc
 f8e4abe3526f63ccedf0e085754734c6 19637 admin optional rpm_4.0.4-14.diff.gz
 81cdafe2caa8d6cd89e948e331ecd775 514014 admin optional rpm_4.0.4-14_i386.deb
 f7618aef71c7930f9149d2f376360244 742824 devel optional lsb-rpm_4.0.4-14_i386.deb
 b37e36926867ccb6686ec42683ebbce9 344626 libs optional librpm4_4.0.4-14_i386.deb
 0167535fe4e2ac2c3bfd3ae8efc41614 415044 devel extra librpm-dev_4.0.4-14_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Aenv2tp5zXiKP0wRApKeAJ9etCIdvpgTl43B6S1ESAaDQa/u/QCfSl8Y
57AUd/jSXzNb7kXsAt7c1Ro=
=o/fQ
-----END PGP SIGNATURE-----


Accepted:
librpm-dev_4.0.4-14_i386.deb
  to pool/main/r/rpm/librpm-dev_4.0.4-14_i386.deb
librpm4_4.0.4-14_i386.deb
  to pool/main/r/rpm/librpm4_4.0.4-14_i386.deb
lsb-rpm_4.0.4-14_i386.deb
  to pool/main/r/rpm/lsb-rpm_4.0.4-14_i386.deb
rpm_4.0.4-14.diff.gz
  to pool/main/r/rpm/rpm_4.0.4-14.diff.gz
rpm_4.0.4-14.dsc
  to pool/main/r/rpm/rpm_4.0.4-14.dsc
rpm_4.0.4-14_i386.deb
  to pool/main/r/rpm/rpm_4.0.4-14_i386.deb


