Lintian had one security update since Precise:
lintian (2.5.43ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: code execution via YAML parsing - checks/upstream-metadata.pm: disable YAML parser. - t/tests/upstream-metadata-invalid-yml/skip: skip test. - 0a2f38ecbc70d34a4b77c93a030555b310bd34ff - CVE-2017-8829
-- Marc Deslauriers <email address hidden> Mon, 05 Jun 2017 14:33:13 -0400
Devscripts had a few:
devscripts (2.17.12ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: Code execution through unsafe YAML loading - CVE-2018-13043 --- devscripts (2.14.1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: directory traversal issue in uupdate - scripts/uupdate.sh: remove symlinks before applying patches, and restore them afterwards. - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671 - CVE-2014-1833
--- devscripts (2.11.6ubuntu1.7) precise-security; urgency=medium
-- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 13:15:39 -0400
devscripts (2.11.6ubuntu1.6) precise-security; urgency=low
* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball - scripts/uscan.pl: improve tarball handling. - 02c6850d973e3e1246fde72edab27f03d63acc52 - 4b7e58ee6000cdefac0682601cec6ecce0137467 - CVE-2013-6888
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2014 13:02:15 -0500
devscripts (2.11.6ubuntu1.4) precise-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via insufficient validation in dscverify - scripts/dscverify.pl: perform better validation. - 9fba4788933475185df5e58b7fa557e5e3fb15e4 - CVE-2012-2240 * SECURITY UPDATE: arbitrary file deletion via insufficient validation in dget - scripts/dget.pl: strip invalid characters - 0fd15bdec07b085f9ef438dacd18e159ac60b810 - CVE-2012-2241 * SECURITY UPDATE: file alteration via TOCTOU in annotate-output - scripts/annotate-output.sh: prevent symlink attack. - 4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0 - CVE-2012-3500 * REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix - f9a1a4c468671827d2650161cc33324fe0247a98
« Back to merge proposal
Lintian had one security update since Precise:
lintian (2.5.43ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: code execution via YAML parsing upstream- metadata. pm: disable YAML parser. upstream- metadata- invalid- yml/skip: skip test. a4b77c93a030555 b310bd34ff
- checks/
- t/tests/
- 0a2f38ecbc70d34
- CVE-2017-8829
-- Marc Deslauriers <email address hidden> Mon, 05 Jun 2017 14:33:13 -0400
Devscripts had a few:
devscripts (2.17.12ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: Code execution through unsafe YAML loading
- CVE-2018-13043
---
devscripts (2.14.1ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: directory traversal issue in uupdate anonscm. debian. org/cgit/ collab- maint/devscript s.git/commit/ ?id=0fef671
- scripts/uupdate.sh: remove symlinks before applying patches, and
restore them afterwards.
- http://
- CVE-2014-1833
---
devscripts (2.11.6ubuntu1.7) precise-security; urgency=medium
* SECURITY UPDATE: directory traversal issue in uupdate anonscm. debian. org/cgit/ collab- maint/devscript s.git/commit/ ?id=0fef671
- scripts/uupdate.sh: remove symlinks before applying patches, and
restore them afterwards.
- http://
- CVE-2014-1833
-- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 13:15:39 -0400
devscripts (2.11.6ubuntu1.6) precise-security; urgency=low
* SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball 246fde72edab27f 03d63acc52 fac0682601cec6e cce0137467
- scripts/uscan.pl: improve tarball handling.
- 02c6850d973e3e1
- 4b7e58ee6000cde
- CVE-2013-6888
-- Marc Deslauriers <email address hidden> Fri, 10 Jan 2014 13:02:15 -0500
devscripts (2.11.6ubuntu1.4) precise-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via insufficient validation dscverify. pl: perform better validation. 85df5e58b7fa557 e5e3fb15e4 f9ef438dacd18e1 59ac60b810 annotate- output. sh: prevent symlink attack. 7b0972b30f5d31d ce97a93eb0 7d2650161cc3332 4fe0247a98
in dscverify
- scripts/
- 9fba47889334751
- CVE-2012-2240
* SECURITY UPDATE: arbitrary file deletion via insufficient validation
in dget
- scripts/dget.pl: strip invalid characters
- 0fd15bdec07b085
- CVE-2012-2241
* SECURITY UPDATE: file alteration via TOCTOU in annotate-output
- scripts/
- 4d23a5e6c90f7a3
- CVE-2012-3500
* REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
- f9a1a4c46867182