[devscripts] 04/09: Document uscan security fixes, CVE-2013-6888 and CVE-2013-7085
James McCoy
jamessan at debian.org
Mon Dec 23 20:46:19 UTC 2013
This is an automated email from the git hooks/post-receive script.
jamessan pushed a commit to branch master
in repository devscripts.
commit 2810d99b1aaa6445bc2ea6f3f8a33045780daa6b
Author: James McCoy <jamessan at debian.org>
Date: Mon Dec 16 23:39:46 2013 -0500
Document uscan security fixes, CVE-2013-6888 and CVE-2013-7085
Signed-off-by: James McCoy <jamessan at debian.org>
---
debian/changelog | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 118938b..d5805a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,16 @@
devscripts (2.13.9) UNRELEASED; urgency=low
+ [ Martin Pitt ]
* autopkgtest: Add "allow-stderr" restriction to avoid failing tests because
of the HTTP server log on stderr.
+ [ James McCoy ]
+ * uscan:
+ + Repack the tarball and verify it is a compressed archive without
+ allowing arbitrary code execution. Fixes CVE-2013-6888.
+ + Use find's -exec to call rm directly instead of piping to xargs.
+ (Closes: #732006, CVE-2013-7085)
+
-- Martin Pitt <mpitt at debian.org> Thu, 12 Dec 2013 11:08:27 +0100
devscripts (2.13.8) unstable; urgency=medium
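Review bot: The entry header in the first context line still reads urgency=low, while the added uscan items fix two CVEs, one of them described as arbitrary code execution. Consider raising the urgency before upload (2.13.8 below was already medium), since urgency affects how quickly the fixes migrate. The two items also cite their CVEs differently: "Fixes CVE-2013-6888." as a sentence, versus "(Closes: #732006, CVE-2013-7085)", which puts the CVE id inside the Closes: list beside a bug number. Using one form for both, with the CVE id outside the Closes: parentheses, would read more clearly. The second item would also benefit from naming the impact of the xargs pipeline, the way the first names code execution.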
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git