Committer: Package Import Robot
Author(s): James McCoy, Martin Pitt, James McCoy, Salvatore Bonaccorso
Date: 2013-12-23 15:28:45 UTC
mfrom: (10.10.6 sid)
Revision ID: package-import@ubuntu.com-20131223152845-yv5wsbyopnnnunxp
Tags: 2.13.9
[ Martin Pitt ]
* autopkgtest: Add "allow-stderr" restriction to avoid failing tests because
  of the HTTP server log on stderr.

[ James McCoy ]
* uscan:
  + Repack the tarball and verify it is a compressed archive without
    allowing arbitrary code execution. Fixes CVE-2013-6888.
  + Use find's -exec to call rm directly instead of piping to xargs.
    (Closes: #732006, CVE-2013-7085)
  + Follow tar's recommended security practices
    - Use --keep-old-files --no-overwrite-dir
    - Ensure parent directory of directory used for repacking archive isn't
      accessible to other users.
  + Fix handling of 'dirname' exclusions, so 'dirname/*' isn't required.

[ Salvatore Bonaccorso ]
* uscan: Fix uninitialized value warning when copyright is not in
  copyright-format 1.0. (Closes: #732807)