UbuntuUpdates.org

Package "dpkg"

Name: dpkg

Description:

Debian package management system

Latest version: 1.16.1.2ubuntu7.9
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://wiki.debian.org/Teams/Dpkg

Links


Download "dpkg"


Other versions of "dpkg" in Precise

Repository Area Version
base main 1.16.1.2ubuntu7
security main 1.16.1.2ubuntu7.9

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.16.1.2ubuntu7.9 2021-05-03 15:06:22 UTC

  dpkg (1.16.1.2ubuntu7.9) precise-security; urgency=medium

  * Fix physical file offset comparison in dpkg. Closes: #808912
    Thanks to Yuri Gribov <email address hidden>.
    - adbdfb0dd9cec401609fd3eef232b7ff2153db7f
  * Do not segfault on GNU/Linux when dpkg cannot retrieve the block size
    for the filesystem containing the info database. LP: #872734
    - 916bdba9095bd361cb2bccd6f566ecffdb206193

 -- Jamie Strandboge <email address hidden> Fri, 07 Feb 2020 13:54:00 +0000

Source diff to previous version
872734 dpkg coredumps if FIGETBSZ ioctl return -ENOTTY
808912 dpkg: pkg_sorter_by_listfile_phys_offs violates qsort requirements

Version: 1.16.1.2ubuntu7.8 2016-06-23 19:06:26 UTC

  dpkg (1.16.1.2ubuntu7.8) precise; urgency=medium

  * Backport from Debian (LP: #1587667):
    - Allow detached upstream signatures for upstream orig.tar files in the
      .dsc file. Suggested by Daniel Kahn Gillmor <email address hidden>.
      Closes: #759478
    - Allow detached upstream orig tarball signatures when extracting
      version 1.0 non-native source packages.

 -- Colin Watson <email address hidden> Tue, 14 Jun 2016 19:22:53 +0100

Source diff to previous version
1587667 Import from Debian fails for source packages with included tarball .asc
759478 dpkg-source should accept an upstream signature - Debian Bug report logs

Version: 1.16.1.2ubuntu7.7 2015-11-26 21:06:27 UTC

  dpkg (1.16.1.2ubuntu7.7) precise-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - dpkg-deb/extract.c: Fix off-by-one write access on versionbuf
      variable.
    - dpkg-deb/extract.c: Fix off-by-one write access on ctrllenbuf
      variable. (CVE-2015-0860)
    - lib/dpkg/ar.c: Fix an off-by-one read access in ar member name
      variable.
    - Thanks to Guillem Jover and Hanno Böck for the patches!

 -- Marc Deslauriers Thu, 26 Nov 2015 07:40:52 -0500

Source diff to previous version
CVE-2015-0860 off-by-one write access in dpkg-deb

Version: 1.16.1.2ubuntu7.6 2015-04-09 21:06:40 UTC

  dpkg (1.16.1.2ubuntu7.6) precise-security; urgency=medium

  * SECURITY UPDATE: OpenPGP Armor Header Line parsing issue
    - scripts/Dpkg/Control/{Hash,Package}.pm: adjust parsing logic.
    - scripts/Makefile.*, scripts/t/700_Dpkg_Control.t,
      scripts/t/700_Dpkg_Control/*: added bunch of tests.
    - Patch thanks to Guillem Jover
    - CVE-2015-0840
 -- Marc Deslauriers <email address hidden> Thu, 09 Apr 2015 09:22:25 -0400

Source diff to previous version

Version: 1.16.1.2ubuntu7.5 2014-06-10 13:07:02 UTC

  dpkg (1.16.1.2ubuntu7.5) precise-security; urgency=medium

  * SECURITY UPDATE: arbitrary file modification via dpkg-source
    - scripts/Dpkg/Source/Patch.pm: Use a better regex for patch header
      parsing
    - 5348cbc981a65c3c9b05bb4d13553bda930c2d78
    - CVE-2014-3864
    - CVE-2014-3865
 -- Marc Deslauriers <email address hidden> Mon, 09 Jun 2014 13:00:47 -0400

CVE-2014-3864 Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 ...
CVE-2014-3865 Multiple directory traversal vulnerabilities in dpkg-source in ...



About   -   Send Feedback to @ubuntu_updates