[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 220-1] dpkg security update

Package        : dpkg
Version        : 1.15.12
CVE ID         : CVE-2015-0840
Debian Bug     : 617923 695919

Jann Horn discovered that the source package integrity verification in
dpkg-source can be bypassed via a specially crafted Debian source
control file (.dsc). Note that this flaw only affects extraction of
local Debian source packages via dpkg-source but not the installation of
packages from the Debian archive.

For the oldoldstable distribution (squeeze), this problem has been
fixed in version 1.15.12.  This also fixes a similar bug discovered
by Ansgar Burchardt and a bug in the same area discovered by Roger

For the oldstable distribution (wheezy), this problem was fixed in
version 1.16.16.

The stable distribution (jessie) was not affected by this problem as
it was fixed before release.

Ben Hutchings - Debian developer, member of Linux kernel and LTS teams

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: