FAQ Search Today's Posts Mark Forums Read

» Linux Archive
Home
New Posts
Search
FAQ


Go Back   Linux Archive > Debian > Debian dpkg
Reload this Page Accepted dpkg 1.14.29 (source i386 all)

 
 
LinkBack Thread Tools
 
Old 03-11-2010, 06:52 AM
Raphael Hertzog
 
Default Accepted dpkg 1.14.29 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 05 Mar 2010 22:25:05 +0100
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source i386 all
Version: 1.14.29
Distribution: stable-security
Urgency: high
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Raphael Hertzog <hertzog@debian.org>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
Changes:
dpkg (1.14.29) stable-security; urgency=high
.
* Modify dpkg-source to error out when it would apply patches containing
insecure paths (with "/../") and also error out when it would apply a
patch through a symlink. Those checks are required as patch will happily
modify files outside of the target directory and unpacking a source package
should not be able to have any side-effect outside of the target
directory. Fixes CVE-2010-0396.
* Also error out when the quilt series contains a path with "/../" as this
can cause patch to create files outside of the source package due
to the -B .pc/$path option that it gets.
Checksums-Sha1:
e81eb4c798045a11fdee5606388856d1014399e7 1544 dpkg_1.14.29.dsc
15a35dd96dac6a99f24844b2eff85f8fad37ab06 6849885 dpkg_1.14.29.tar.gz
563bbe50a3b9c4de8c959cddfa0a1bf1f501ef78 2354472 dpkg_1.14.29_i386.deb
d1f6d7e408248a9ee4ea3a1ddf53f059d8f86aa4 800424 dselect_1.14.29_i386.deb
064cc9ed34ca39521c2498c8f924d5b0aa9fcf82 770984 dpkg-dev_1.14.29_all.deb
Checksums-Sha256:
b2c1b31bead8baeae149ebc7a88ec7c410e34e46bb9b06fc68 625d991c38a2be 1544 dpkg_1.14.29.dsc
ea7ec1c861af43ba534a0d7997774a5f1fd4e25a7eea4ff229 c9c7bf89aed633 6849885 dpkg_1.14.29.tar.gz
62d109b8f291a2bc57a18dd7f44abd9517f42d46192ba94820 3d6c6470d642ca 2354472 dpkg_1.14.29_i386.deb
32526cc79a407da24377a020a3721adf5c12879bf0d2c090f2 31fc814c08d58c 800424 dselect_1.14.29_i386.deb
a641ff178bc150712d2d16c1ee158ab1df824f714167f8b71e 8671d1f0daf8f3 770984 dpkg-dev_1.14.29_all.deb
Files:
7cf187bdb138606465a626f30da65423 1544 admin required dpkg_1.14.29.dsc
4326172a959b5b6484b4bc126e9f628d 6849885 admin required dpkg_1.14.29.tar.gz
d81c926899c940f03190ea74bfbecb7f 2354472 admin required dpkg_1.14.29_i386.deb
66ebb60ebc836702afbe8cae59a39f35 800424 admin optional dselect_1.14.29_i386.deb
76f021d6ddbbd0726f123cc993f55b40 770984 utils optional dpkg-dev_1.14.29_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Signed by Raphael Hertzog

iQEcBAEBCAAGBQJLlV+oAAoJEAOIHavrwpq5hgoH/jlu5tFnaKLF07bNYaNEQmU8
bXvNcSriSbkHjDmYsJMCrIs7ozBpvL+Qr6mVx0ZXY2s0pTt59P hvye6IEnaPy8UB
0R50WrA+5UjVb/iuaESHMN7Fvequ0+qjQW5OUPtWwUbtGNiNbKEUMoZE2quIs4ZR
56OO3ujkahk4ffDdZ/E7qQATjO9xHK++/W23A945rVSXc26I5aCt5wuBsvY8Sngb
D0ExvREHrZa3pdEVTEDqvyHHEIus4eMXMcNTNKhJ9gj76Gl7hp 6uoQujgu9+fPcx
NobV6/uz3hgE9ZKsttOhmJZ8O/11fRznQ+InCjAK7/Fqr7aWd2kqC9mpAW+XfP4=
=x5vh
-----END PGP SIGNATURE-----


Accepted:
dpkg-dev_1.14.29_all.deb
to main/d/dpkg/dpkg-dev_1.14.29_all.deb
dpkg_1.14.29.dsc
to main/d/dpkg/dpkg_1.14.29.dsc
dpkg_1.14.29.tar.gz
to main/d/dpkg/dpkg_1.14.29.tar.gz
dpkg_1.14.29_i386.deb
to main/d/dpkg/dpkg_1.14.29_i386.deb
dselect_1.14.29_i386.deb
to main/d/dpkg/dselect_1.14.29_i386.deb



--
To UNSUBSCRIBE, email to debian-dpkg-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: E1NpdCH-00006k-Tn@ries.debian.org">http://lists.debian.org/E1NpdCH-00006k-Tn@ries.debian.org
 

Thread Tools




All times are GMT. The time now is 01:56 PM.

VBulletin, Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -