-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 23 Dec 2013 15:24:03 -0500
Source: devscripts
Binary: devscripts
Architecture: source amd64
Version: 2.12.6+deb7u2
Distribution: stable-security
Urgency: high
Maintainer: Devscripts Devel Team <devscripts-devel@lists.alioth.debian.org>
Changed-By: James McCoy <jamessan@debian.org>
Description:
 devscripts - scripts to make the life of a Debian Package maintainer easier
Changes:
 devscripts (2.12.6+deb7u2) stable-security; urgency=high
 .
   * uscan:
     + Repack the tarball and verify it is a compressed archive without allowing
       arbitrary code execution. Fixes CVE-2013-6888.
     + Follow tar's recommended security practices
       - Use --keep-old-files --no-overwrite-dir
       - Ensure parent directory of directory used for repacking archive isn't
         accessible to other users.
Checksums-Sha1:
 8abf9da46a7f556d3ea2a7df3b5a6f1862fa26e2 2327 devscripts_2.12.6+deb7u2.dsc
 b9c2554aa0b29c4f89e6ebb048f350b424c026da 995606 devscripts_2.12.6+deb7u2.tar.gz
 3f0ae2ceb64d2f60f8c8e5aa2344631166fd5181 876712 devscripts_2.12.6+deb7u2_amd64.deb
Checksums-Sha256:
 af1190c241549e65a9b6ccf02195f350f615fb0c31890385e92e827d7d2ea36b 2327 devscripts_2.12.6+deb7u2.dsc
 f93e1217e9602637fc24960341bc635b995a9d6cb996c2bed7fe0d0f1e924677 995606 devscripts_2.12.6+deb7u2.tar.gz
 8cd1f811b2f3d6e657f1d759c1e92c8eeb0852e4f5456be96169e05ee4775fb5 876712 devscripts_2.12.6+deb7u2_amd64.deb
Files:
 aa52c9354fd8ba003070a8ad771345e9 2327 devel optional devscripts_2.12.6+deb7u2.dsc
 05943032dba32d0ee19bb011c02183ee 995606 devel optional devscripts_2.12.6+deb7u2.tar.gz
 6041ea075b0e3b0a86565fa0b7ce6fbb 876712 devel optional devscripts_2.12.6+deb7u2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

-----END PGP SIGNATURE-----