Debian
dpkg package

dpkg 1.15.11 source package in Debian

Changelog

dpkg (1.15.11) squeeze-security; urgency=high


  [ Guillem Jover ]
  * Test suite:
    - Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
    - Add test case for patch disabling hunks; not security sensitive.
  * Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
    traversal attempts from hostile source packages when unpacking them.
    Reported by Javier Serrano Polo <email address hidden> as an unspecified
    directory traversal; meanwhile also independently found by me both
    #749183 and what was supposed to be #746498, which was later on published
    and ended up being just a subset of the other non-reported issue.
    Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183

 -- Guillem Jover <email address hidden>  Thu, 05 Jun 2014 22:52:45 +0200

Upload details

Uploaded by:
Dpkg Mailing List
Uploaded to:
Squeeze
Original maintainer:
Dpkg Mailing List
Architectures:
any
Section:
admin
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Squeeze release main admin

Builds

Downloads

File Size SHA-256 Checksum
dpkg_1.15.11.dsc 1.8 KiB 207f68ed5ef4888e26f1918c84a3400fa32fd09ad098600ff7b4b9e6d8398c63
dpkg_1.15.11.tar.bz2 5.0 MiB 7db2e5e23147e4159d95345dce420236a4af2c0ecff0a38dadee35160bb6f739

No changes file available.

Binary packages built by this source