Format: 1.8
Date: Wed, 30 Apr 2014 05:45:20 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.17.9
Distribution: unstable
Urgency: high
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 dpkg - Debian package management system
 dpkg-dev - Debian package development tools
 dselect - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 746306 746331 746350 746354
Changes:
 dpkg (1.17.9) unstable; urgency=high
 .
   [ Guillem Jover ]
   * Do not allow patch files with C-style encoded filenames. Closes: #746306
     Unconditionally fixes CVE-2014-0471.
   * Switch alternative database backups from xz to gzip. Closes: #746354
   * Do not leak long tar names on bogus or truncated archives.
   * Do not leak the filepackages iterator when a directory is used by other
     packages.
   * Fix short lived memory leaks in «dpkg-split --split».
   * Fix memory leak in unused Keybindings screen in dselect.
   * Do not leak color string on «dselect --color».
   * Fix memory leaks when parsing alternatives.
   * Fix off-by-one stack buffer overrun in start-stop-daemon on GNU/Linux
     and GNU/kFreeBSD if the executable pathname is longer than
     _POSIX_PATH_MAX. Although this should not have security implications
     as the buffer is surrounded by two arrays (so those catch accesses even
     if the stack grows up or down), and we are compiling with
     -fstack-protector anyway.
   * Mark the command_get_pager() tests on a tty as TODO for now, so that we
     do not get failures on build daemons.
   * Make test suite errors abort the build again. Closes: #746331
 .
   [ Updated scripts translations ]
   * French (Steve Petruzzello). Closes: #746350
   * German (Helge Kreutzmann).
 .
   [ Updated manpages translations ]
   * German (Helge Kreutzmann).