-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 15 Feb 2012 19:19:31 +0000 Source: devscripts Binary: devscripts Architecture: source amd64 Version: 2.11.4 Distribution: unstable Urgency: high Maintainer: Devscripts Devel Team <pkg-devscripts@teams.debian.net> Changed-By: Adam D. Barratt <adam@adam-barratt.org.uk> Description: devscripts - scripts to make the life of a Debian Package maintainer easier Closes: 601951 659559 659946 659966 Changes: devscripts (2.11.4) unstable; urgency=high . * Urgency "high" for security fixes. . [ James McCoy ] * bts: Revert usertags' handling of more than one +/-/=. Only the first one is relevant. . [ Ryan Niebur ] * dget: when finding the sources.list entry for the repository to download a package from, match any port with the correct hostname because apt-cache policy does not output port numbers in URLs (Closes: #601951) . [ Adam D. Barratt ] * debdiff: + Fix a regression in the handling of embedded tarballs (a side effect of the changes introduced to resolve #571528). + Extend the changes from #571528 to cover more situations where user or file input is passed to an external program. Fixes CVE-2012-2012 (and any instance of CVE-2012-2011 not already covered by #571528). . [ Paul Wise ] * suspicious-source: Also ignore mercurial and darcs VCS directories (Closes: #659966). . [ Benjamin Drung ] * suspicious-source: Add inode/x-empty to whitelist of MIME types (Closes: #659946). . [ Raphael Geissert ] * debdiff: + Remove undocumented feature treating extensionless files as if they were packages (Closes: #659559) + Add missing chdir for dpkg-source and remove extraneous quoting of --exclude parameters. + Fix CVE-2012-0210 (insufficient input sanitising reading .dsc and .changes files). Checksums-Sha1: 9d1b2f78c6d772d85caae95fa95421e58e3c1fde 2264 devscripts_2.11.4.dsc b0114a50b89f9197846bf78283ee9ef3803658ec 767426 devscripts_2.11.4.tar.gz 21aea3a3e10c66f759234051f48e2f5528820e5d 700988 devscripts_2.11.4_amd64.deb Checksums-Sha256: db60d2fdff1468a1cf47b0011fd3dffe48c0f38037348db7c73a0aa618145b78 2264 devscripts_2.11.4.dsc bff276ce6dcdc0cb636b0bf5dee62fb5750afb7d46fc6fa4578784a56050db05 767426 devscripts_2.11.4.tar.gz f0ba8d7b3e245c765a1e6e72a31e97cd8797651a74d524e0894c13e081c0a0dd 700988 devscripts_2.11.4_amd64.deb Files: c9f82e1988b87b45256397df72613765 2264 devel optional devscripts_2.11.4.dsc cdfbf28c556ea3b82097ae18579d4503 767426 devel optional devscripts_2.11.4.tar.gz feaf99fe177ae297af4ce7665e245cdf 700988 devel optional devscripts_2.11.4_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPPAoLAAoJEMXOXcLFQs1Z0a8QAK7C1WVYr1X3KmLDUfo6v/AM Ua6HpXeENLUXkvAI9FRxXw0FEHc0GJWIgpChKBkfrmk0S4FIjWp6V0eWw9xc4b8+ wxWcEF6tkBIgb1k87db9SGqNVOifJWysjzLgfMG6HcBhBywgOyHyV4z4r0gEBc36 A4M6J/baiHXSbgOYuDW1MkRqcf6fta2O03WcYsPo3bMWt2712RWFk9lFF0hfk/59 +WbIly4Zy4WiHtRpqQlJ3D1B3l/bBznxvptP85H+StSs24M5woQ7KE+W1I0gH59r a4Rol+DlW8gvPwG4M4F9LxgBY3L9dGzQmqRiBKbZDmfVSCTQTx/xHHumgGwfeSZ3 e2q0AmRcIe10x4WR98q5vR7IwHmruhg7Exxaw8jT3Hdf31Z97H+RK6Rj4iqvfu0X ldKItbwTkjs3roLL5AD6q7PkxYW85zQ21ttNwbs+WUtmLmqTJiRUC8UlpJRGzJlu +39dN4ctz1aJnuri2xKDFJ8GtsUN6QNJXUF6/guvQoDtBlfKD/7FiAjIcWyuUKM9 2QCMJ3Kbn6g5D0pHVE0PTZ7UP16AsPMnGBm4ACJ2EZNbKDo6sh7xJhvVHH6DeXDy BXNjgRWshIgRSQ1nCkQYkxP8j3Sm1XQCXgL5+uncLX4611NjfJtQz6y4zWDIa9j/ CjADTuKD4coLESwBB499 =87Fn -----END PGP SIGNATURE----- Accepted: devscripts_2.11.4.dsc to main/d/devscripts/devscripts_2.11.4.dsc devscripts_2.11.4.tar.gz to main/d/devscripts/devscripts_2.11.4.tar.gz devscripts_2.11.4_amd64.deb to main/d/devscripts/devscripts_2.11.4_amd64.deb
