[devscripts] annotated tag v2.12.6+deb7u2 created (now c990b66)
James McCoy
jamessan at debian.org
Mon Dec 23 20:46:21 UTC 2013
This is an automated email from the git hooks/post-receive script.
jamessan pushed a change to annotated tag v2.12.6+deb7u2
in repository devscripts.
at c990b66 (tag)
tagging f4e4f13fb76358292ffd370f22dc6291ad74b2a3 (commit)
replaces v2.12.6+deb7u1
tagged by James McCoy
on Mon Dec 23 15:44:32 2013 -0500
- Log -----------------------------------------------------------------
tagging package devscripts versio 2.12.6+deb7u2
Format: 1.8
Date: Mon, 23 Dec 2013 15:24:03 -0500
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.12.6+deb7u2
Distribution: wheezy
Urgency: high
Maintainer: Devscripts Devel Team <devscripts-devel at lists.alioth.debian.org>
Changed-By: James McCoy <jamessan at debian.org>
Description:
devscripts - scripts to make the life of a Debian Package maintainer easier
Changes:
devscripts (2.12.6+deb7u2) stable-security; urgency=high
.
* uscan:
+ Repack the tarball and verify it is a compressed archive without
allowing arbitrary code execution. Fixes CVE-2013-6888.
+ Follow tar's recommended security practices
- Use --keep-old-files --no-overwrite-dir
- Ensure parent directory of directory used for repacking archive isn't
accessible to other users.
Checksums-Sha1:
d791dc4fb815911030c1eef261404e6ca0133bdd 1441 devscripts_2.12.6+deb7u2.dsc
b9c2554aa0b29c4f89e6ebb048f350b424c026da 995606 devscripts_2.12.6+deb7u2.tar.gz
3f0ae2ceb64d2f60f8c8e5aa2344631166fd5181 876712 devscripts_2.12.6+deb7u2_amd64.deb
Checksums-Sha256:
7c8f41fc947818bf89750e0ab36ab0b765720f5d8e0b414f80afe9df601a8a45 1441 devscripts_2.12.6+deb7u2.dsc
f93e1217e9602637fc24960341bc635b995a9d6cb996c2bed7fe0d0f1e924677 995606 devscripts_2.12.6+deb7u2.tar.gz
8cd1f811b2f3d6e657f1d759c1e92c8eeb0852e4f5456be96169e05ee4775fb5 876712 devscripts_2.12.6+deb7u2_amd64.deb
Files:
d5297bf8b12ae04e76dbaca533643008 1441 devel optional devscripts_2.12.6+deb7u2.dsc
05943032dba32d0ee19bb011c02183ee 995606 devel optional devscripts_2.12.6+deb7u2.tar.gz
6041ea075b0e3b0a86565fa0b7ce6fbb 876712 devel optional devscripts_2.12.6+deb7u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
iQIcBAABCgAGBQJSuKDIAAoJEN/mka4zG6PbB0sP/jy1nv858Xf/UZGEwbL5GKRp
7ABWZHa3q/1mnE7HQXz4dbfyoz50TSv6KxUIdT2L1bjDl9ZhrrR3a8CJQ1GIKgjE
uu4nYByxndEFke5GkSj5y3hwsHgUA2qOMUxnv3vGfpVt5Q3vi3NaDfAqhyNNs+3H
ZwUM8Rf8hIZ5diCOPZmz2M+UdKdXHtRbdulnMtzN317AkX82xWJJino3ijb4JJWy
riObUEbxSP6zQGvCU4Ws6PNREJiElvJr7y29U3gSUZ9NeT26evyLJDItCjwEcAsi
9bYQg5fHQkWMyFW5mB+lrCx8HTh+u0fwsGTCR05TpJuVubZuPH+v/5MT/FiMoqqW
JEgLwR8BuybOwQmzook2L8keWga2Drm1M48CM3JPKq8bvnOjb9N2K+CEfKiQrc4n
INOpVSsIjuTPCBmPXh5wc+8uosWOmucVRpGuGdAbAEIo9CZtP9+j8cK6lO9EQWWi
oDeTXJVzVJZe22DZdbaKYVcxDlCnhM8BbrvJgm6uDA+4jONwShvXdqM8Oqy52+7u
6u3zKhgk09M2OOVSgeGDdjwOskEXBWCO71cN8wR54PzLCqQUVLerfJWWTSxKtFNP
j9rBBwiZMe3fTYrD4ss6+I1Dp0JvS5M4h5/mL9wH2gSe46PRLKB3CVrkOCzCgC50
GAYEi7GDosLAvzdcWA7K
=wz7h
-----END PGP SIGNATURE-----
James McCoy (3):
uscan: Fix code execution vulnerabilities with --repack
uscan: Follow tar's recommended security practices
releasing devscripts 2.12.6+deb7u2
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new bc5ef29 uscan: Fix code execution vulnerabilities with --repack
new c05410d uscan: Follow tar's recommended security practices
new f4e4f13 releasing devscripts 2.12.6+deb7u2
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git
More information about the devscripts-devel
mailing list