[devscripts] 01/01: Retrospectively add now assigned CVE for shell injection vulnerability
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 2 07:14:02 UTC 2015
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch master
in repository devscripts.
commit 55a22e00f9a43972b04d257eda40ce014b2b23dd
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Sun Aug 2 09:09:00 2015 +0200
Retrospectively add now assigned CVE for shell injection vulnerability
Gbp-Dch: Ignore
---
debian/changelog | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 3ff016f..87ea8d3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
devscripts (2.15.7) unstable; urgency=medium
* licensecheck:
- + Use Dpkg::IPC to run file to avoid shell injection. (Closes: #794260)
+ + Use Dpkg::IPC to run file to avoid shell injection.
+ (Closes: #794260, CVE-2015-5704)
+ Change whitelist of mime types to greylist of encodings. Restores
ability to check files with mime types like text/x-c++ and
application/postscript. Thanks to Jonas Smedegaard for the patch.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/devscripts.git
More information about the devscripts-devel
mailing list