-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 26 Aug 2012 11:16:17 -0400 Source: devscripts Binary: devscripts Architecture: source amd64 Version: 2.12.2 Distribution: unstable Urgency: high Maintainer: Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org> Changed-By: James McCoy <jamessan@debian.org> Description: devscripts - scripts to make the life of a Debian Package maintainer easier Changes: devscripts (2.12.2) unstable; urgency=high . * annotate-output: Fix to prevent symlink attack: don't delete safely-created file and reuse its name. Instead, create temporary directory and create FIFOs therein. Also, be sure to remove temporaries upon catchable signal. Thanks to Jim Meyering for the patch. Fixes CVE-2012-3500. Checksums-Sha1: 10d88356f035ce2d92b21e813841b0aa19ee8a4a 1659 devscripts_2.12.2.dsc 1fc06a997dbac1f2047be19174cfe7c8ca692449 784867 devscripts_2.12.2.tar.gz 7581ce66f437d957970ee62a0ea2795974de51df 706688 devscripts_2.12.2_amd64.deb Checksums-Sha256: 8988fa6e43f2e429565292d6895c5509f27dceb272af6998888d6c98ef02f8be 1659 devscripts_2.12.2.dsc 7a8f50656c7b242d3de75b2c7bfbd86506debc1c553513e7fea5048d4bba81ad 784867 devscripts_2.12.2.tar.gz 446106fb4f257d38bead11fa1206c01acb579f7e2a8b2bc3390386699b472551 706688 devscripts_2.12.2_amd64.deb Files: 2c11ba14b68e9d460555140b63c82b6b 1659 devel optional devscripts_2.12.2.dsc b97eabec42589b50fccc09ddd2d83dbd 784867 devel optional devscripts_2.12.2.tar.gz 166ae623b2dc0f86b0c865a5902a0b09 706688 devel optional devscripts_2.12.2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlBCIVQACgkQDb3UpmEybUAevQCcDB0srIIYahpySOuYzmAUoBew QAYAn3qdJC8HnQmiaEsQTdjlZBCW/nCb =News -----END PGP SIGNATURE-----