[SCM] Git repository for devscripts branch, squeeze, updated. v2.10.69+squeeze3
James McCoy
jamessan at debian.org
Sat Sep 1 14:59:02 UTC 2012
The following commit has been merged in the squeeze branch:
commit bf281f3a2318143983891078de0637d915deaaed
Author: James McCoy <jamessan at debian.org>
Date: Sun Aug 26 11:39:23 2012 -0400
releasing version 2.10.69+squeeze3
diff --git a/debian/changelog b/debian/changelog
index 3458441..4ac3d67 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+devscripts (2.10.69+squeeze3) stable-security; urgency=high
+
+ * annotate-output: Fix to prevent symlink attack: don't delete
+ safely-created file and reuse its name. Instead, create temporary
+ directory and create FIFOs therein. Also, be sure to remove temporaries
+ upon catchable signal. Thanks to Jim Meyering for the patch. Fixes
+ CVE-2012-3500.
+
+ -- James McCoy <jamessan at debian.org> Sun, 26 Aug 2012 11:38:43 -0400
+
devscripts (2.10.69+squeeze2) squeeze-security; urgency=high
[ Adam D. Barratt ]
--
Git repository for devscripts
More information about the devscripts-devel
mailing list