dpkg_1.15.11_amd64.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 05 Jun 2014 22:52:45 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.15.11
Distribution: squeeze-security
Urgency: high
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 dpkg - Debian package management system
 dpkg-dev - Debian package development tools
 dselect - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 746498 749183
Changes:
 dpkg (1.15.11) squeeze-security; urgency=high
 .
   [ Guillem Jover ]
   * Test suite:
     - Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
     - Add test case for patch disabling hunks; not security sensitive.
   * Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
     traversal attempts from hostile source packages when unpacking them.
     Reported by Javier Serrano Polo <javier@jasp.net> as an unspecified
     directory traversal; meanwhile also independently found by me both
     #749183 and what was supposed to be #746498, which was later on published
     and ended up being just a subset of the other non-reported issue.
     Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
Checksums-Sha1:
Checksums-Sha256:
Files:
ed3eaf21406b5cf68c7e497dad16b8d7 1844 admin required dpkg_1.15.11.dsc
92f54904ddc5b63f01308d181d8fcdf4 5269052 admin required dpkg_1.15.11.tar.bz2
49bd29615ce3eb1cfc9409d601770cad 440340 libdevel optional libdpkg-dev_1.15.11_amd64.deb
790ecea2ea1793a396df0ad254f00df0 2401838 admin required dpkg_1.15.11_amd64.deb
2548575c77fced8d6ef1dd5f78871a4d 908748 admin optional dselect_1.15.11_amd64.deb
68c22adf6501b43523510c606a0366f4 815412 utils optional dpkg-dev_1.15.11_all.deb
5569fd703e0c43f304b232108e4de210 697686 perl optional libdpkg-perl_1.15.11_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.