Back to lintian PTS page

Accepted lintian 2.5.10.5 (source all)

To: debian-devel-changes@lists.debian.org
Subject: Accepted lintian 2.5.10.5 (source all)
From: Niels Thykier <niels@thykier.net>
Date: Tue, 16 Apr 2013 16:17:54 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1US8Zu-0003hC-CO@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 05 Apr 2013 17:15:00 +0200
Source: lintian
Binary: lintian
Architecture: source all
Version: 2.5.10.5
Distribution: unstable
Urgency: medium
Maintainer: Debian Lintian Maintainers <lintian-maint@debian.org>
Changed-By: Niels Thykier <niels@thykier.net>
Description: 
 lintian    - Debian package checker
Changes: 
 lintian (2.5.10.5) unstable; urgency=medium
 .
   * checks/*:
     + [NT] Avoid following unsafe symlinks.  (CVE-2013-1429)
   * checks/debconf:
     + [NT] Fix several path traversal issues that could leak
       information about the host system.  (CVE-2013-1429)
   * checks/init.d:
     + [NT] Fix possible symlink traversal that could leak
       information about the host system.  (CVE-2013-1429)
   * checks/md5sums:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
   * checks/menus:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
   * checks/po-debconf:
     + [NT] Unconditionally set INTLTOOL_EXTRACT.
   * checks/shared-libs:
     + [NT] Fix path traversal issue that could leak information
       about the host system.  (CVE-2013-1429)
 .
   * collection/*:
     + [NT] Avoid reading files outside the package root.
       (CVE-2013-1429)
   * collection/{changelog-file,debian-readme}:
     + [NT] Ignore files in usr/doc/<pkg>.
     + [NT] Skip collection if usr/share/doc/<pkg> is not contained
       within the package root.  (CVE-2013-1429)
 .
   * lib/Lintian/Collect/Package.pm:
     + [NT] When a check requests access to a raw file (or dir) in the
       package, ensure that the resulting path does not "escape" the
       top level directory.  This should preemptively guard against some
       (but not all) traversal attempts.
   * lib/Lintian/Util.pm:
     + [NT] Add sub to check if a path is contained within a given dir.
Checksums-Sha1: 
 ad8677e94b49a328dfda6e563d3078627ebb70f2 2564 lintian_2.5.10.5.dsc
 b35b7ad19d27f120e4d20efb2f5a213af8b06c01 1118087 lintian_2.5.10.5.tar.gz
 d457e8ad4a06a57189103e5934c355cec23eaac0 711838 lintian_2.5.10.5_all.deb
Checksums-Sha256: 
 1a8e214cc3cd31adb293db5d0b70ed7502915ea39ea86e6e29be1ec2d3fbc6fe 2564 lintian_2.5.10.5.dsc
 9e15cc2bb18bbe58d04746d05a25eca12758579bfd03f478bbb6117368636d64 1118087 lintian_2.5.10.5.tar.gz
 d616f266548ac5356e63bf5cba1bdcce9d8eea4e1d791491aee17bfd49bf09b0 711838 lintian_2.5.10.5_all.deb
Files: 
 0625cbe97c3822e81725f9e7e09d8d5b 2564 devel optional lintian_2.5.10.5.dsc
 043eac91f77672ad19a43a478c643d68 1118087 devel optional lintian_2.5.10.5.tar.gz
 407e5bb7ea0baebab3d08b587c29a83a 711838 devel optional lintian_2.5.10.5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRbXXOAAoJEAVLu599gGRC5VgP/03OqnHLOjVhDG+/EP3Ck73U
rVua2VFCqDwGn6JpeM9cBGWLArzJdbh/fPddfEuy5SpE3M6/Bk7JltG+A3/8l3hc
/dlnKyGrCWZbJ/KkrsvAyp5TfiS71IfHA+/SXHpQ731HPYf3fV0ewMsUwys7uaqx
yHEN0KN5N27CnHWey5MblxaBvoitZ4s0+WcxGLKeaK/WHdrsMM1uVoD6YTAyRPrS
KfbaVdXyTLezEYVSU4QSSAPNWVVRzyg/Orx+ll8AcyH+DnWjsix7zL+H9516mFy7
TqPH366CpYcJsNMThe5vRCX0Y24N0ccungWP/8HahOiBVADTnK39K3YsGiizalLy
+kvjsgOL2bNBtVmrZ4KaHUIYzktE//0o+TmpVzOkMXzfXgXbIswTMhHlOtjv1i26
blSlENI1yW1W76b3v3/N4B4QNPQSeFz7wRsowunapgArMdNKJnz1MUfNT5lrYF+O
+U1TNyX3Na2qtheuxUWkkxtgMV01SxQ9L6EZ5yPCMHzhpiNBSDyOEXgyE1dCzrgH
EvSWljuX6X2szH82kg3KmO71J4qJVSCmc8OZ2jS62royInz1Py38pRVCuxK6Khy9
0leJFseTgR4BNfMhfU44LWH+DOLOttjLFbZglTPwpPzT7Vs4K7F/eqtw5O/nFUXh
U0SA8gnzDFmgxvI9jShe
=Mee6
-----END PGP SIGNATURE-----