tagging package devscripts versio 2.12.6+deb7u2
Format: 1.8
Date: Mon, 23 Dec 2013 15:24:03 -0500
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.12.6+deb7u2
Distribution: wheezy
Urgency: high
Maintainer: Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Changes:
devscripts (2.12.6+deb7u2) stable-security; urgency=high
.
* uscan:
+ Repack the tarball and verify it is a compressed archive without
allowing arbitrary code execution. Fixes CVE-2013-6888.
+ Follow tar's recommended security practices
- Use --keep-old-files --no-overwrite-dir
- Ensure parent directory of directory used for repacking archive isn't
accessible to other users.
Checksums-Sha1:
d791dc4fb815911030c1eef261404e6ca0133bdd 1441 devscripts_2.12.6+deb7u2.dsc
b9c2554aa0b29c4f89e6ebb048f350b424c026da 995606 devscripts_2.12.6+deb7u2.tar.gz
3f0ae2ceb64d2f60f8c8e5aa2344631166fd5181 876712 devscripts_2.12.6+deb7u2_amd64.deb
Checksums-Sha256:
7c8f41fc947818bf89750e0ab36ab0b765720f5d8e0b414f80afe9df601a8a45 1441 devscripts_2.12.6+deb7u2.dsc
f93e1217e9602637fc24960341bc635b995a9d6cb996c2bed7fe0d0f1e924677 995606 devscripts_2.12.6+deb7u2.tar.gz
8cd1f811b2f3d6e657f1d759c1e92c8eeb0852e4f5456be96169e05ee4775fb5 876712 devscripts_2.12.6+deb7u2_amd64.deb
Files:
d5297bf8b12ae04e76dbaca533643008 1441 devel optional devscripts_2.12.6+deb7u2.dsc
05943032dba32d0ee19bb011c02183ee 995606 devel optional devscripts_2.12.6+deb7u2.tar.gz
6041ea075b0e3b0a86565fa0b7ce6fbb 876712 devel optional devscripts_2.12.6+deb7u2_amd64.deb