~ubuntu-branches/ubuntu/lucid/devscripts/lucid-updates

Committer: Package Import Robot
Author(s): Marc Deslauriers
Date: 2012-09-26 15:06:36 UTC
Revision ID: package-import@ubuntu.com-20120926150636-3jcu41p0fv3zp67v

Tags: 2.10.61ubuntu5.3

* SECURITY UPDATE: arbitrary code execution via insufficient validation
  in dscverify
  - scripts/dscverify.pl: perform better validation.
  - 22881936e53e6b585d3dc60f3161e9d704c5138d
  - CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
  in dget
  - scripts/dget.pl: strip invalid characters.
  - 79d27778321f7bb778097cfb7a724ae976fb4fbd
  - CVE-2012-2241
* SECURITY UPDATE: arbitrary code execution via improper argument
  escaping in dget
  - scripts/dget.pl: escape $file better, and call system() with proper
    arguments.
  - db49f493baaac2387a4dd76370c1018109e31dfc
  - CVE-2012-2242
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
  - scripts/annotate-output.sh: prevent symlink attack.
  - 1bbe2163987c53064a4cd57712927f4b06c01032
  - CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
  - 252a42d225f489e398f3c0402c1f7d1e9a4451c0