Debian Package Tracker

From: Axel Beckert <abe@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted tardiff 0.1-3 (source all) into unstable
Date: Sat, 17 Oct 2015 16:26:00 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 17 Oct 2015 17:20:17 +0200
Source: tardiff
Binary: tardiff
Architecture: source all
Version: 0.1-3
Distribution: unstable
Urgency: high
Maintainer: Axel Beckert <abe@debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Description:
 tardiff    - Tarball comparison tool
Closes: 802098
Changes:
 tardiff (0.1-3) unstable; urgency=high
 .
   * Add patch to fix miscalculated statistics. (Closes: #802098)
   * Add patches to fix two security issues:
     + CVE-2015-0857: shell command injection through file names
     + CVE-2015-0858: /tmp race condition in handling temporary directory
     Issues found and reported by Rainer Müller and Florian Weimer.
     Additional necessary changes:
     + Add new run-time dependency on libtext-diff-perl.
   * Declare compliance with Debian Policy 3.9.6 (no changes needed).
Checksums-Sha1:
 2425e7d8b797f6bd96bf7cf40484a3f12d845b0e 1795 tardiff_0.1-3.dsc
 56af41cbb38835a1bb76a8bab7ea05e95473c198 4556 tardiff_0.1-3.debian.tar.xz
 a75c2eb9199526b7e8a027e7a3e212a963a71990 5260 tardiff_0.1-3_all.deb
Checksums-Sha256:
 b02a2adf36c51a001bca2370b3a8bff72c91683ed63f7b185801c03b91e67c91 1795 tardiff_0.1-3.dsc
 dd89c216e085a63377f8a508a575792aa068a7559929186eb896c5f6c9d37653 4556 tardiff_0.1-3.debian.tar.xz
 cac509f987857d0765da32840748b6ea16891cc3a06306822b6a0343c5d474ac 5260 tardiff_0.1-3_all.deb
Files:
 4b713c1e29e2c500e909c45ea6d51b40 1795 utils optional tardiff_0.1-3.dsc
 9f4149b2523502af54b150e618940a60 4556 utils optional tardiff_0.1-3.debian.tar.xz
 63871cf20ea60ec24c5360b885af9f9c 5260 utils optional tardiff_0.1-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWImgwAAoJEGvmY8daNcl1SAoP/10oEiqa/2ackGLnkW0+zgEq
Quo7W8z8PCbkRv+8pvEw/ZsWzWMYpCVMWJp1fv4y+EDkwJgosQZ3dotkJRzQqn38
aFql7HvqwcRf0JlWXRC3sySxB3ot7lahueCbDuHfcTYEn6+OAMVbikZOCEbBItBM
MeXSNbqgZAkjbxSpQ1ZYcrdO8vl7jbRERXzOGRN4OATYQtiBoBew/LRGyHLxsOQw
xAWkhRGqw+KuelION1S4SOE1U+SB/+vKXK/cSC6t4tiuuTx9glAKPxhYXyQ2eY14
LWpt3Tacw0Ci6XVE3nZF68LIhJH/Rp1+GOx3cnOvzhK1pxvPfk4TO2OiJGzNkr44
iDsHbCj0PnPu5Cy5+7ijYz9m+8mqTzlSMTIeUJ7ji6r39s1yFD9Egpno7+rWGvD6
cnFlsWntdMrFb6jpbrQFA9DuCs/eI1q20ssAV85JrMdCW6yFr4p/6hM1h9A5sGG5
/LegYkl8H4X+L0F/oG4sLD+E1ZKSBsyx6Of/IYObHHUCohRUxDH2eomtOu+QA4p4
ro7KBgxHRzp9TWUHReATX5gD4hMNc+EewegGOq4p1hWoIQ2QbA0In84FMeBrIG6y
4v4pQhyNokX3vXF1flPCKE3lbOmpE9+8GZReMqpqQqPXKyg0AbCFstTzlQG5AWhg
I9uO9JFgTugnxz6glpbK
=QnZc
-----END PGP SIGNATURE-----
News for package tardiff
