Comment 6 for bug 933148

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package devscripts - 2.11.4ubuntu1

---------------
devscripts (2.11.4ubuntu1) precise; urgency=low

  * Merge from Debian unstable (LP: #933148), remaining changes:
    - Demote Recommends to Suggests:
      + libcrypt-ssleay-perl: only needed for a corner case (uscan on SSL
        download sites), wasn't installed by default in previous releases
        either, and seems quite dead upstream; universe only.
      + debian-keyring: not useful enough in Ubuntu; universe only.
      + equivs: too much of a hack to install by default; universe only.
      + libsoap-lite-perl: only needed for one less common command ("select")
        for bts, which isn't useful for Ubuntu itself, and pulls in a lot of
        other universe Perl libraries; universe only.
    - scripts/debchange.{pl,1}:
      + Adjust --security template for Ubuntu.
      + Add -U/--upstream flag that forces original "just increment
        the end" behaviour; Ubuntu is upstream for some pieces of software.
      + Add --distributor= and DEBCHANGE_DISTRIBUTOR to override lsb_release
        output.
      + Default to "precise" as distribution.
      + Add "ubuntu1" to version string for new versions, with tweaks for
        special cases.
      + Add -R/--rebuild flag for Ubuntu's no-change rebuilds.
      + Don't use the last distribution in debian/changelog when doing
        "dch -r" on Ubuntu. "Just because it was last uploaded to jaunty
        doesn't mean that's the right thing to do now."
    - Add test/debchange.pl, test/Makefile: debchange test suite.
    - Rename XS-Vcs-* to XS-Debian-Vcs-*.

devscripts (2.11.4) unstable; urgency=high

  * Urgency "high" for security fixes.

  [ James McCoy ]
  * bts: Revert usertags' handling of more than one +/-/=. Only the first one
    is relevant.

  [ Ryan Niebur ]
  * dget: when finding the sources.list entry for the repository to
    download a package from, match any port with the correct hostname
    because apt-cache policy does not output port numbers in URLs
    (Closes: #601951)

  [ Adam D. Barratt ]
  * debdiff:
    + Fix a regression in the handling of embedded tarballs (a side
      effect of the changes introduced to resolve #571528).
    + Extend the changes from #571528 to cover more situations where
      user or file input is passed to an external program. Fixes
      CVE-2012-2012 (and any instance of CVE-2012-2011 not already
      covered by #571528).

  [ Paul Wise ]
  * suspicious-source: Also ignore mercurial and darcs VCS directories
    (Closes: #659966).

  [ Benjamin Drung ]
  * suspicious-source: Add inode/x-empty to whitelist of MIME types
    (Closes: #659946).

  [ Raphael Geissert ]
  * debdiff:
    + Remove undocumented feature treating extensionless files as if
      they were packages (Closes: #659559)
    + Add missing chdir for dpkg-source and remove extraneous quoting
      of --exclude parameters.
    + Fix CVE-2012-0210 (insufficient input sanitising reading .dsc
      and .changes files).

 -- Tyler Hicks <email address hidden> Wed, 15 Feb 2012 16:40:33 -0600