~roguescholar/lintian/+git/trunk:etch

Last commit made on 2010-01-26
Get this branch:
git clone -b etch https://git.launchpad.net/~roguescholar/lintian/+git/trunk

Branch information

Name: etch
Repository: lp:~roguescholar/lintian/+git/trunk

Recent commits

fbe0c92... by Raphael Geissert

Finalize changes for 1.23.28+etch1

* Non-maintainer upload by the Security Team

* checks/{control-files,files,menus}:
  + [RG] Fix CVE-2009-4014: format string vulnerabilities
* checks/{debhelper,files,infofiles,init.d,menu-format,po-debconf,scripts}:
  + [RG] Fix CVE-2009-4015: arbitrary command execution
* checks/fields:
  + [RG] Fix CVE-2009-4013: missing control files sanitation

* collection/source-control-file:
  + [RG] Fix CVE-2009-4013: missing control files sanitation

* frontend/lintian:
  + [RG] Fix CVE-2009-4013: missing control files sanitation
  + [RG] Fix CVE-2009-4014: format string vulnerabilities

* lib/Util.pm:
  + [RG] Fix CVE-2009-4015: arbitrary command execution

* unpack/unpack-{bin,src}pkg-l1:
  + [RG] Fix CVE-2009-4013: missing control files sanitation

50c6950... by Raphael Geissert

Fix CVE-2009-4015, arbitrary command execution

File names were not properly escaped when passing them as arguments to
certain commands, allowing the execution of other commands as pipes or
as a set of shell commands.

b79a8d1... by Raphael Geissert

Fix CVE-2009-4014, format string vulnerabilities

Multiple check scripts and the lintian frontend were using
user-provided input as part of the sprintf/printf format string.

0e60e80... by Raphael Geissert

Fix CVE-2009-4013, missing control files sanitation

Control field names and values were not sanitised before using them
in certain operations that could lead to directory traversals.

An attacker could exploit these vulnerabilities to overwrite arbitrary
files.

43f01b2... by Russ Allbery

* collection/objdump-info:
  + [RA] Remove unsafe temporary file creation in left-over debugging
    code added accidentally when fixing #399456. Thanks, Josh
    Triplett. (Closes: #414237)

c62b8bf... by Russ Allbery

Create a new etch branch for a security fix.

465ae6f... by Russ Allbery

Tag 1.23.27 release.

8411f74... by Russ Allbery

Finalize changes for 1.23.27.

585b806... by Russ Allbery

* lib/Lab.pm:
  + [RA] Preserve the old package lists when setting up a static lab so
    that the unpack programs can build a list of changed packages and
    incremental mode works. Thanks, Bill Allombert. (Closes: #400342)

8317287... by Russ Allbery

* unpack/list-udebpkg:
  + [RA] Handle compressed udeb Packages files. Thanks, Bill
    Allombert. (Closes: #400338)