-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 17 Oct 2015 17:20:17 +0200 Source: tardiff Binary: tardiff Architecture: source all Version: 0.1-3 Distribution: unstable Urgency: high Maintainer: Axel Beckert <abe@debian.org> Changed-By: Axel Beckert <abe@debian.org> Description: tardiff - Tarball comparison tool Closes: 802098 Changes: tardiff (0.1-3) unstable; urgency=high . * Add patch to fix miscalculated statistics. (Closes: #802098) * Add patches to fix two security issues: + CVE-2015-0857: shell command injection through file names + CVE-2015-0858: /tmp race condition in handling temporary directory Issues found and reported by Rainer Müller and Florian Weimer. Additional necessary changes: + Add new run-time dependency on libtext-diff-perl. * Declare compliance with Debian Policy 3.9.6 (no changes needed). Checksums-Sha1: 2425e7d8b797f6bd96bf7cf40484a3f12d845b0e 1795 tardiff_0.1-3.dsc 56af41cbb38835a1bb76a8bab7ea05e95473c198 4556 tardiff_0.1-3.debian.tar.xz a75c2eb9199526b7e8a027e7a3e212a963a71990 5260 tardiff_0.1-3_all.deb Checksums-Sha256: b02a2adf36c51a001bca2370b3a8bff72c91683ed63f7b185801c03b91e67c91 1795 tardiff_0.1-3.dsc dd89c216e085a63377f8a508a575792aa068a7559929186eb896c5f6c9d37653 4556 tardiff_0.1-3.debian.tar.xz cac509f987857d0765da32840748b6ea16891cc3a06306822b6a0343c5d474ac 5260 tardiff_0.1-3_all.deb Files: 4b713c1e29e2c500e909c45ea6d51b40 1795 utils optional tardiff_0.1-3.dsc 9f4149b2523502af54b150e618940a60 4556 utils optional tardiff_0.1-3.debian.tar.xz 63871cf20ea60ec24c5360b885af9f9c 5260 utils optional tardiff_0.1-3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWImgwAAoJEGvmY8daNcl1SAoP/10oEiqa/2ackGLnkW0+zgEq Quo7W8z8PCbkRv+8pvEw/ZsWzWMYpCVMWJp1fv4y+EDkwJgosQZ3dotkJRzQqn38 aFql7HvqwcRf0JlWXRC3sySxB3ot7lahueCbDuHfcTYEn6+OAMVbikZOCEbBItBM MeXSNbqgZAkjbxSpQ1ZYcrdO8vl7jbRERXzOGRN4OATYQtiBoBew/LRGyHLxsOQw xAWkhRGqw+KuelION1S4SOE1U+SB/+vKXK/cSC6t4tiuuTx9glAKPxhYXyQ2eY14 LWpt3Tacw0Ci6XVE3nZF68LIhJH/Rp1+GOx3cnOvzhK1pxvPfk4TO2OiJGzNkr44 iDsHbCj0PnPu5Cy5+7ijYz9m+8mqTzlSMTIeUJ7ji6r39s1yFD9Egpno7+rWGvD6 cnFlsWntdMrFb6jpbrQFA9DuCs/eI1q20ssAV85JrMdCW6yFr4p/6hM1h9A5sGG5 /LegYkl8H4X+L0F/oG4sLD+E1ZKSBsyx6Of/IYObHHUCohRUxDH2eomtOu+QA4p4 ro7KBgxHRzp9TWUHReATX5gD4hMNc+EewegGOq4p1hWoIQ2QbA0In84FMeBrIG6y 4v4pQhyNokX3vXF1flPCKE3lbOmpE9+8GZReMqpqQqPXKyg0AbCFstTzlQG5AWhg I9uO9JFgTugnxz6glpbK =QnZc -----END PGP SIGNATURE-----