Format: 1.8
Date: Mon, 23 Dec 2013 15:28:45 -0500
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.13.9
Distribution: unstable
Urgency: low
Maintainer: Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
 devscripts - scripts to make the life of a Debian Package maintainer easier
Closes: 732006 732807
Changes:
 devscripts (2.13.9) unstable; urgency=low
 .
   [ Martin Pitt ]
   * autopkgtest: Add "allow-stderr" restriction to avoid failing tests
     because of the HTTP server log on stderr.
 .
   [ James McCoy ]
   * uscan:
     + Repack the tarball and verify it is a compressed archive without
       allowing arbitrary code execution.  Fixes CVE-2013-6888.
     + Use find's -exec to call rm directly instead of piping to xargs.
       (Closes: #732006, CVE-2013-7085)
     + Follow tar's recommended security practices
       - Use --keep-old-files --no-overwrite-dir
       - Ensure parent directory of directory used for repacking archive
         isn't accessible to other users.
     + Fix handling of 'dirname' exclusions, so 'dirname/*' isn't required.
 .
   [ Salvatore Bonaccorso ]
   * uscan: Fix uninitialized value warning when copyright is not in
     copyright-format 1.0.  (Closes: #732807)