-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 20 Oct 2015 01:02:12 +0200 Source: tardiff Binary: tardiff Architecture: source all Version: 0.1-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Axel Beckert <abe@debian.org> Changed-By: Axel Beckert <abe@debian.org> Description: tardiff - Tarball comparison tool Closes: 802098 Changes: tardiff (0.1-2+deb8u1) jessie-security; urgency=high . * Add patch to fix miscalculated statistics. (Closes: #802098) * Add patches to fix two security issues: + CVE-2015-0857: shell command injection through file names + CVE-2015-0858: /tmp race condition in handling temporary directory Issues found and reported by Rainer Müller and Florian Weimer. Additional necessary changes: + Add new run-time dependency on libtext-diff-perl. Checksums-Sha1: 1c34b3a703ba308bbb71ad5fe352762507446b65 1823 tardiff_0.1-2+deb8u1.dsc 1f1bcbef432433f3b506eb272a3a588dfeafd7d3 1991 tardiff_0.1.orig.tar.bz2 5ab2824394c1ca669ffcf328f5e26ee8ce7fa90a 4556 tardiff_0.1-2+deb8u1.debian.tar.xz bf578f43cc217f52e46dedc61387621bcf8ce8cf 5348 tardiff_0.1-2+deb8u1_all.deb Checksums-Sha256: 56728295df182c22a0333169d065a30abfc8fac19db5a3ee41dfca4df095abd8 1823 tardiff_0.1-2+deb8u1.dsc 58f86a33b268bb7a30c1fa0e5b4d9a44434e1e5c5b7b7ba70d1a8e43f77ad765 1991 tardiff_0.1.orig.tar.bz2 e03ac06fe4dc53956b12db73276a39e364d8f5af7bf0a0349e283f1e758eb633 4556 tardiff_0.1-2+deb8u1.debian.tar.xz f6f7aca2d5c2d0ad834d0a31a669bae0c282b1b4749184ba98633ebf8195a76b 5348 tardiff_0.1-2+deb8u1_all.deb Files: 8d5db4efb1db2df2e56592e82683eef4 1823 utils optional tardiff_0.1-2+deb8u1.dsc 57d5619831796a40cf426c85dccadf42 1991 utils optional tardiff_0.1.orig.tar.bz2 65c1fd4fcff430baf4f0f2d36f8380f9 4556 utils optional tardiff_0.1-2+deb8u1.debian.tar.xz dc29b4e865f929d2389a6bc510655ac0 5348 utils optional tardiff_0.1-2+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXIWLvAAoJEC/5zVlhJha1TccQAKkdFtTnwxUlg7l/A6NgHXgw mxcIY3fEF0BdnQhk2TRFQmtgMpcY/J4dTlOqf3DuvDKZ6nneO/dSu7XWkc/rxd0R Ea70CUSyE6CGfrJD8h/POLT5w8tCCzJyNAQPD7lA77UhBha15xdfD7O6NMiPHWYy OYmEkyygd+6zYsgDS8f/Fuxcefjqd3v7QX4VpePKsP27DNkKq167OKFPr/Nfc+mm zLeF90mTL/lMhlpeWfTXwNX51tyUzmbpBotJfPGHdxcJlIlMMge/cc65T9o7bT9Y inbyZ8duftNgzoNUfPMIV8MT209635xTX6taHKeiw5ukZdvo7Tx5pBvFuhTEjLUB 20Wn+9iQ+orS3FBFo4i8ZnWiRdGpifDHydjQ5KWws+voBLTzzcsTBgcH58l5KYF4 xxEK00rsvoDm9QtEoJV5aPmEq5Cl8gA3zG2r6/Hb9QQigft7OzX2598oTLEqpnLN gMRLx29AXyEfKNMnayFnJ1RWgkB+V4wl/+UJhxDVhmjVpkP8xNw762o+abMz5lpi okT2oPmD5Gij87KL10yUSZuLbMIt/zR/HdMZJSbJnD8vzroLY5LOPQ4XKfE+j1hj pBmn713EAusERQRHZbrGQMezUlO+YZ8fvPhhLn3MsiC0OyZEnUbAbvCCLYhIYbsy xXYaLFCM31KzMSHKno7p =45T4 -----END PGP SIGNATURE-----
