-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 05 Jun 2014 22:24:36 +0200
Source: dpkg
Binary: libdpkg-dev dpkg dpkg-dev libdpkg-perl dselect
Architecture: source amd64 all
Version: 1.16.15
Distribution: wheezy-security
Urgency: high
Maintainer: Dpkg Developers <debian-dpkg@lists.debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description:
 dpkg - Debian package management system
 dpkg-dev - Debian package development tools
 dselect - Debian package management front-end
 libdpkg-dev - Debian package management static library
 libdpkg-perl - Dpkg perl modules
Closes: 746498 749183
Changes:
 dpkg (1.16.15) wheezy-security; urgency=high
 .
   [ Guillem Jover ]
   * Test suite:
     - Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
     - Add test case for patch disabling hunks; not security sensitive.
   * Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
     traversal attempts from hostile source packages when unpacking them.
     Reported by Javier Serrano Polo <javier@jasp.net> as an unspecified
     directory traversal; meanwhile also independently found by me both
     #749183 and what was supposed to be #746498, which was later on published
     and ended up being just a subset of the other non-reported issue.
     Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
 .
   [ Updated programs translations ]
   * Merge translated strings from master.
 .
   [ Updated scripts translations ]
   * German (Helge Kreutzmann).
 .
   [ Updated man page translations ]
   * Merge translated strings from master.
   * Unfuzzy or update trivial translations (Guillem Jover).
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-----END PGP SIGNATURE-----