tagging package devscripts version 2.13.9
Format: 1.8
Date: Mon, 23 Dec 2013 15:28:45 -0500
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.13.9
Distribution: unstable
Urgency: low
Maintainer: Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 732006 732807
Changes:
devscripts (2.13.9) unstable; urgency=low
.
[ Martin Pitt ]
* autopkgtest: Add "allow-stderr" restriction to avoid failing tests because
of the HTTP server log on stderr.
.
[ James McCoy ]
* uscan:
+ Repack the tarball and verify it is a compressed archive without
allowing arbitrary code execution. Fixes CVE-2013-6888.
+ Use find's -exec to call rm directly instead of piping to xargs.
(Closes: #732006, CVE-2013-7085)
+ Follow tar's recommended security practices
- Use --keep-old-files --no-overwrite-dir
- Ensure parent directory of directory used for repacking archive isn't
accessible to other users.
+ Fix handling of 'dirname' exclusions, so 'dirname/*' isn't required.
.
[ Salvatore Bonaccorso ]
* uscan: Fix unitialized value warning when copyright is not in
copyright-format 1.0. (Closes: #732807)
Checksums-Sha1:
ddf1563312c51c4f26ee839d9e727ad26d2f4fba 1237 devscripts_2.13.9.dsc
3441585a591f4075f7b8d7aa8bf73a88697bdd6c 578684 devscripts_2.13.9.tar.xz
d1527931206b5be9e5ebdea815457d9e2dd120c0 863220 devscripts_2.13.9_amd64.deb
Checksums-Sha256:
9010f1132409555996a00d1530413837be0d24b3d98f9736d6bb532a34485c08 1237 devscripts_2.13.9.dsc
78e63e02ecd204ca8157693dc5969eddaf1312d26b572f5dd6ab646ef674c916 578684 devscripts_2.13.9.tar.xz
a56ebd01870f9125fe2e2b9dcd5fef089c1569e680e7c193f6a81ec568c55726 863220 devscripts_2.13.9_amd64.deb
Files:
c8d9bd08252ace0274745c2dcb733a45 1237 devel optional devscripts_2.13.9.dsc
a55e715d41cd45c465fa937683e8e5dd 578684 devel optional devscripts_2.13.9.tar.xz
c46e70249eade032df77eb259b6161b9 863220 devel optional devscripts_2.13.9_amd64.deb