Package        : dpkg
Version        : 1.15.12
CVE ID         : CVE-2015-0840
Debian Bug     : 617923 695919

Jann Horn discovered that the source package integrity verification in dpkg-source can be bypassed via a specially crafted Debian source control file (.dsc). Note that this flaw only affects extraction of local Debian source packages via dpkg-source but not the installation of packages from the Debian archive.

For the oldoldstable distribution (squeeze), this problem has been fixed in version 1.15.12. This also fixes a similar bug discovered by Ansgar Burchardt and a bug in the same area discovered by Roger Leigh.

For the oldstable distribution (wheezy), this problem was fixed in version 1.16.16.

The stable distribution (jessie) was not affected by this problem as it was fixed before release.

--
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams