Accepted dpkg 1.14.29 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 05 Mar 2010 22:25:05 +0100
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source i386 all
Version: 1.14.29
Distribution: stable-security
Urgency: high
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Raphael Hertzog <hertzog@debian.org>
Description:
dpkg - Debian package management system
dpkg-dev - Debian package development tools
dselect - Debian package management front-end
Changes:
dpkg (1.14.29) stable-security; urgency=high
.
* Modify dpkg-source to error out when it would apply patches containing
  insecure paths (with "/../") and also error out when it would apply a
  patch through a symlink. Those checks are required as patch will happily
  modify files outside of the target directory and unpacking a source package
  should not be able to have any side-effect outside of the target
  directory. Fixes CVE-2010-0396.
* Also error out when the quilt series contains a path with "/../" as this
  can cause patch to create files outside of the source package due
  to the -B .pc/$path option that it gets.
Checksums-Sha1:
e81eb4c798045a11fdee5606388856d1014399e7 1544 dpkg_1.14.29.dsc
15a35dd96dac6a99f24844b2eff85f8fad37ab06 6849885 dpkg_1.14.29.tar.gz
563bbe50a3b9c4de8c959cddfa0a1bf1f501ef78 2354472 dpkg_1.14.29_i386.deb
d1f6d7e408248a9ee4ea3a1ddf53f059d8f86aa4 800424 dselect_1.14.29_i386.deb
064cc9ed34ca39521c2498c8f924d5b0aa9fcf82 770984 dpkg-dev_1.14.29_all.deb
Checksums-Sha256:
b2c1b31bead8baeae149ebc7a88ec7c410e34e46bb9b06fc68625d991c38a2be 1544 dpkg_1.14.29.dsc
ea7ec1c861af43ba534a0d7997774a5f1fd4e25a7eea4ff229c9c7bf89aed633 6849885 dpkg_1.14.29.tar.gz
62d109b8f291a2bc57a18dd7f44abd9517f42d46192ba948203d6c6470d642ca 2354472 dpkg_1.14.29_i386.deb
32526cc79a407da24377a020a3721adf5c12879bf0d2c090f231fc814c08d58c 800424 dselect_1.14.29_i386.deb
a641ff178bc150712d2d16c1ee158ab1df824f714167f8b71e8671d1f0daf8f3 770984 dpkg-dev_1.14.29_all.deb
Files:
7cf187bdb138606465a626f30da65423 1544 admin required dpkg_1.14.29.dsc
4326172a959b5b6484b4bc126e9f628d 6849885 admin required dpkg_1.14.29.tar.gz
d81c926899c940f03190ea74bfbecb7f 2354472 admin required dpkg_1.14.29_i386.deb
66ebb60ebc836702afbe8cae59a39f35 800424 admin optional dselect_1.14.29_i386.deb
76f021d6ddbbd0726f123cc993f55b40 770984 utils optional dpkg-dev_1.14.29_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Signed by Raphael Hertzog
-----END PGP SIGNATURE-----
Accepted:
dpkg-dev_1.14.29_all.deb
to main/d/dpkg/dpkg-dev_1.14.29_all.deb
dpkg_1.14.29.dsc
to main/d/dpkg/dpkg_1.14.29.dsc
dpkg_1.14.29.tar.gz
to main/d/dpkg/dpkg_1.14.29.tar.gz
dpkg_1.14.29_i386.deb
to main/d/dpkg/dpkg_1.14.29_i386.deb
dselect_1.14.29_i386.deb
to main/d/dpkg/dselect_1.14.29_i386.deb
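
The checks described in the changelog above, sketched as an added example (this is not dpkg-source's own code, which is written in Perl). It generalizes the "/../" test to any ".." path component, assumes patches are applied with -p1, and all function names are hypothetical.

```python
import os
import tempfile

def has_dotdot(path):
    """True if any component is '..' (a superset of the "/../" check)."""
    return ".." in path.split("/")

def patch_targets(patch_text):
    """Yield file names from adjacent '---'/'+++' header pairs of a unified diff."""
    lines = patch_text.splitlines()
    for old, new in zip(lines, lines[1:]):
        if old.startswith("--- ") and new.startswith("+++ "):
            for hdr in (old, new):
                name = hdr[4:].split("\t")[0].strip()
                if name != "/dev/null":
                    yield name

def through_symlink(destdir, relpath):
    """True if any existing component of relpath under destdir is a symlink."""
    cur = destdir
    for part in relpath.split("/"):
        if part not in ("", "."):
            cur = os.path.join(cur, part)
            if os.path.islink(cur):
                return True
    return False

def check_patch(destdir, patch_text, strip=1):
    """Return (name, reason) findings; strip=1 (patch -p1) is an assumption."""
    findings = []
    for name in patch_targets(patch_text):
        rel = "/".join(name.split("/")[strip:])
        if has_dotdot(name):
            findings.append((name, "insecure path"))
        elif through_symlink(destdir, rel):
            findings.append((name, "applied through a symlink"))
    return findings

def check_series(series_text):
    """Return quilt series entries whose patch path has a '..' component."""
    entries = (ln.split("#")[0].split() for ln in series_text.splitlines())
    return [e[0] for e in entries if e and has_dotdot(e[0])]

if __name__ == "__main__":
    # Constructed sample: a source tree with a symlinked directory and a patch.
    tree = tempfile.mkdtemp()
    os.symlink(tempfile.gettempdir(), os.path.join(tree, "docs"))
    sample = ("--- a/docs/x\n+++ b/docs/x\n@@ -0,0 +1 @@\n+hi\n"
              "--- a/src/../../y\n+++ b/src/../../y\n@@ -0,0 +1 @@\n+hi\n")
    print(check_patch(tree, sample))
    print(check_series("fix.patch\n../../outside.patch -p1\n# note\n"))
```

Both checks run before patch is invoked, so a source package that fails either one is rejected without anything being written.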