[SCM] Debian package checker branch, master, updated. 2.5.11-269-g4fa9095
The following commit has been merged in the master branch:
commit 751dee4653e5960ca03f3164c15bb849a85fc976
Author: Niels Thykier <niels@thykier.net>
Date: Tue Apr 16 17:19:16 2013 +0200

d/changelog: Add CVE-2013-1429 reference and bump urgency

Signed-off-by: Niels Thykier <niels@thykier.net>

diff --git a/debian/changelog b/debian/changelog
index 05b157f..9592ef7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-lintian (2.5.12) UNRELEASED; urgency=low
+lintian (2.5.12) UNRELEASED; urgency=medium
* Summary of tag changes:
+ Added:
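Review bot: the header line raises urgency from low to medium, but nothing in the entry body visible here says why; only the commit subject links the bump to CVE-2013-1429. Consider flagging the CVE items as the reason near the top of the entry so the urgency is self-explanatory to someone reading the changelog alone.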
@@ -36,7 +36,7 @@ lintian (2.5.12) UNRELEASED; urgency=low
- unneeded-build-dep-on-quilt
* checks/*:
- + [NT] Avoid following unsafe symlinks.
+ + [NT] Avoid following unsafe symlinks. (CVE-2013-1429)
* checks/binaries{,.desc}:
+ [NT] Accept libx32 as a bi-arch directory.
+ [NT] Correct reference policy reference. Thanks to
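Review bot: the checks/* item "Avoid following unsafe symlinks. (CVE-2013-1429)" is the first mention of the CVE in the entry and gives no impact, while the later items carrying the same id say the issue "could leak information about the host system". If this is the same information leak, state it here as well so the first reference is the descriptive one.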
@@ -71,7 +71,7 @@ lintian (2.5.12) UNRELEASED; urgency=low
paths).
* checks/debconf:
+ [NT] Fix several path traversal issues that could leak
- information about the host system.
+ information about the host system. (CVE-2013-1429)
* checks/debhelper{,.desc}:
+ [JW] Assume the proper python helpers are called if a
(Makefile) variable is used. (Closes: #659335)
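Review bot: the checks/debconf item covers "several path traversal issues" and now attributes all of them to the single id CVE-2013-1429; please confirm the assignment covers each of them. The neighbouring checks/debhelper item carries a "(Closes: #659335)" reference, so if a bug report exists for the security fix, add it next to the CVE id for traceability.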
@@ -116,7 +116,7 @@ lintian (2.5.12) UNRELEASED; urgency=low
init.d passed to update-rc.d. Thanks to Michael Meskes for
reporting. (Closes: #698602)
+ [NT] Fix possible symlink traversal that could leak
- information about the host system.
+ information about the host system. (CVE-2013-1429)
* checks/java{,.desc}:
+ [NT] Report possibly broken jar files.
* checks/md5sums:
@@ -134,7 +134,7 @@ lintian (2.5.12) UNRELEASED; urgency=low
of menu-icon-not-in-xpm-format. (Closes: 591812)
* checks/menus:
+ [NT] Fix path traversal issue that could leak information
- about the host system.
+ about the host system. (CVE-2013-1429)
* checks/patch-systems{,.desc}:
+ [NT] Retire unneeded-build-dep-on-quilt, it is only a pedantic
tag and apparently not too accurate. Thanks to Charles Plessy
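Review bot: style point on the context line above the checks/menus item: "(Closes: 591812)" lacks the "#" that the other references in this entry use, such as "(Closes: #698602)". Since this commit is already tidying the entry, it would be a good moment to make that reference consistent.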
@@ -150,7 +150,7 @@ lintian (2.5.12) UNRELEASED; urgency=low
+ [NT] Special case gcc packages when looking for dev symlinks.
gcc stores its dev symlinks in some special directories.
+ [NT] Fix path traversal issue that could leak information
- about the host system.
+ about the host system. (CVE-2013-1429)
* checks/source-copyright{,.desc}:
+ [JW,NT] Add a separate tag for ambiguous DEP-5 paragraphs,
where Lintian cannot reliably figure out what is intended.
@@ -170,10 +170,11 @@ lintian (2.5.12) UNRELEASED; urgency=low
* collection/*:
+ [NT] Avoid reading files outside the package root.
+ (CVE-2013-1429)
* collection/{changelog-file,debian-readme}:
+ [NT] Ignore files in usr/doc/<pkg>.
+ [NT] Skip collection if usr/share/doc/<pkg> is not contained
- within the package root.
+ within the package root. (CVE-2013-1429)
* collection/hardening-info{,-helper,.desc}:
+ [NT] Whitelist "memset" and "memmove" as "always safe"
functions. Thanks to Sebastian Ramacher for the suggestion
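Review bot: in the collection/* item the CVE id is added on its own continuation line, whereas every other item in this patch appends it to the end of the sentence. If that is only to stay within the line width, fine; otherwise rewrap so the id follows "package root." directly, as it does in the collection/{changelog-file,debian-readme} item just below.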
--
Debian package checker