
[SCM] Debian package checker annotated tag, 2.5.10.5, created. 2.5.10.5



The annotated tag, 2.5.10.5 has been created
        at  2f62d54c965d8ce6fa10ea1cc162e89811ee35e7 (tag)
   tagging  e0dc594b47a0c4d23c7fc7448c8824b69f656b71 (commit)
  replaces  2.5.10.4
 tagged by  Niels Thykier
        on  Tue Apr 16 17:44:54 2013 +0200

- Shortlog ------------------------------------------------------------
Release lintian/2.5.10.5 into unstable

Format: 1.8
Date: Fri, 05 Apr 2013 17:15:00 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.10.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description:
 lintian    - Debian package checker
Changes:
 lintian (2.5.10.5) unstable; urgency=medium
 .
   * checks/*:
     + [NT] Avoid following unsafe symlinks.  (CVE-2013-1429)
   * checks/debconf:
     + [NT] Fix several path traversal issues that could leak
       information about the host system.  (CVE-2013-1429)
   * checks/init.d:
     + [NT] Fix possible symlink traversal that could leak
       information about the host system.  (CVE-2013-1429)
   * checks/md5sums:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
   * checks/menus:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
   * checks/po-debconf:
     + [NT] Unconditionally set INTLTOOL_EXTRACT.
   * checks/shared-libs:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
 .
   * collection/*:
     + [NT] Avoid reading files outside the package root.
       (CVE-2013-1429)
   * collection/{changelog-file,debian-readme}:
     + [NT] Ignore files in usr/doc/<pkg>.
     + [NT] Skip collection if usr/share/doc/<pkg> is not contained
       within the package root.  (CVE-2013-1429)
 .
   * lib/Lintian/Collect/Package.pm:
     + [NT] When a check requests access to a raw file (or dir) in the
       package, ensure that the resulting path does not "escape" the
       top level directory.  This should preemptively guard against some
       (but not all) traversal attempts.
   * lib/Lintian/Util.pm:
     + [NT] Add sub to check if a path is contained within a given dir.
Checksums-Sha1:
 178a5a5ecb816af7a2077d58a1a958ca61c9cb25 1678 lintian_2.5.10.5.dsc
 b35b7ad19d27f120e4d20efb2f5a213af8b06c01 1118087 lintian_2.5.10.5.tar.gz
 d457e8ad4a06a57189103e5934c355cec23eaac0 711838 lintian_2.5.10.5_all.deb
Checksums-Sha256:
 ed7d3b600964b6a3c24661ae44ca68615dd11358f1d1231c15719c732fa38325 1678 lintian_2.5.10.5.dsc
 9e15cc2bb18bbe58d04746d05a25eca12758579bfd03f478bbb6117368636d64 1118087 lintian_2.5.10.5.tar.gz
 d616f266548ac5356e63bf5cba1bdcce9d8eea4e1d791491aee17bfd49bf09b0 711838 lintian_2.5.10.5_all.deb
Files:
 78e37740ac9e7f00304739a3e66f22cd 1678 devel optional lintian_2.5.10.5.dsc
 043eac91f77672ad19a43a478c643d68 1118087 devel optional lintian_2.5.10.5.tar.gz
 407e5bb7ea0baebab3d08b587c29a83a 711838 devel optional lintian_2.5.10.5_all.deb

Niels Thykier (15):
      c/md5sums: Skip check if the md5sums file is a symlink
      c/debconf: Check the sanity of the Binaries field
      c/debconf: Before opening files, check they are not symlinks
      c/init.d: Guard against possible symlink traversals
      c/menus: Skip maintscripts that are symlink
      c/shared-libs: Ignore maintscript that are symlinks
      L::Util: Add is_ancestor_of function
      coll/changelog-file: Check usr/share/doc/<pkg> is safe
      coll/debian-readme: Check that usr/share/doc/<pkg> is safe
      coll/*: Fix traversal via symlink in multiple collections
      checks/*: Check for symlinks before opening files
      checks/po-debconf: Set INTLTOOL_EXTRACT unconditionally
      L::C::Package: Check filenames for possible traversals
      d/changelog: Add reference to CVE-2013-1429
      Release lintian/2.5.10.5 into unstable

-----------------------------------------------------------------------

-- 
Debian package checker
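
The changelog entry for lib/Lintian/Collect/Package.pm says that checking the requested path guards against some, but not all, traversal attempts. The added example below (not lintian's code; the function names, file names and temporary layout are constructed for illustration) contrasts a name-only check with a check on the resolved path, using a symlink that points outside an unpacked package root.

```perl
#!/usr/bin/perl
# Added illustration, not lintian's code. All names here are hypothetical.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Name-only guard: reject relative names whose ".." segments climb above
# the root. It never touches the disk, so it cannot see symlinks.
sub escapes_lexically {
    my ($rel) = @_;
    my $depth = 0;
    for my $seg (split m{/+}, $rel) {
        next if $seg eq '' or $seg eq '.';
        $depth += ($seg eq '..') ? -1 : 1;
        return 1 if $depth < 0;
    }
    return 0;
}

# Resolved guard: canonicalise both paths (following symlinks) and require
# the candidate to be the root itself or to sit below "$root/".
sub is_contained {
    my ($root, $path) = @_;
    my $r = realpath($root);
    my $p = realpath($path);
    return 0 unless defined $r and defined $p;   # could not be resolved
    return 1 if $p eq $r;
    return index($p, "$r/") == 0 ? 1 : 0;
}

# Constructed sample: an unpacked "package root" beside a host-side file.
my $tmp  = tempdir(CLEANUP => 1);
my $root = "$tmp/unpacked";
mkdir $root       or die "mkdir: $!";
mkdir "$root/usr" or die "mkdir: $!";
for my $file ("$tmp/host-secret", "$root/usr/ok") {
    open(my $fh, '>', $file) or die "open $file: $!";
    close $fh;
}
symlink("$tmp/host-secret", "$root/md5sums") or die "symlink: $!";
symlink('usr/ok', "$root/inside-link")       or die "symlink: $!";

for my $rel ('usr/ok', 'inside-link', '../host-secret', 'md5sums') {
    my $lex = escapes_lexically($rel) ? 'escapes' : 'ok';
    my $res = is_contained($root, "$root/$rel") ? 'inside' : 'OUTSIDE';
    printf "%-16s name-only=%-8s resolved=%s\n", $rel, $lex, $res;
}
```

The `md5sums` entry passes the name-only check yet resolves outside the root, which is the case the symlink checks listed in the shortlog address.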

