UbuntuUpdates.org

Package "devscripts"

Name: devscripts

Description:

scripts to make the life of a Debian Package maintainer easier
Latest version: 2.11.6ubuntu1.7
Release: precise (12.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "devscripts"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "devscripts" in Precise

Repository Area Version
base main 2.11.6ubuntu1
security main 2.11.6ubuntu1.7

Changelog

Version: 2.11.6ubuntu1.7 2015-06-16 18:07:03 UTC

  devscripts (2.11.6ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: directory traversal issue in uupdate
    - scripts/uupdate.sh: remove symlinks before applying patches, and
      restore them afterwards.
    - http://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=0fef671
    - CVE-2014-1833

 -- Marc Deslauriers <email address hidden> Mon, 15 Jun 2015 13:15:39 -0400
Source diff to previous version
CVE-2014-1833 Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, rel

Version: 2.11.6ubuntu1.6 2014-01-21 15:06:35 UTC

  devscripts (2.11.6ubuntu1.6) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution in uscan via crafted tarball
    - scripts/uscan.pl: improve tarball handling.
    - 02c6850d973e3e1246fde72edab27f03d63acc52
    - 4b7e58ee6000cdefac0682601cec6ecce0137467
    - CVE-2013-6888
 -- Marc Deslauriers <email address hidden> Fri, 10 Jan 2014 13:02:15 -0500
Source diff to previous version
CVE-2013-6888 Uscan in devscripts before 2.13.9 allows remote attackers to execute ...

Version: 2.11.6ubuntu1.4 2012-10-02 23:06:55 UTC

  devscripts (2.11.6ubuntu1.4) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via insufficient validation
    in dscverify
    - scripts/dscverify.pl: perform better validation.
    - 9fba4788933475185df5e58b7fa557e5e3fb15e4
    - CVE-2012-2240
  * SECURITY UPDATE: arbitrary file deletion via insufficient validation
    in dget
    - scripts/dget.pl: strip invalid characters
    - 0fd15bdec07b085f9ef438dacd18e159ac60b810
    - CVE-2012-2241
  * SECURITY UPDATE: file alteration via TOCTOU in annotate-output
    - scripts/annotate-output.sh: prevent symlink attack.
    - 4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0
    - CVE-2012-3500
  * REGRESSION FIX: improper exit code in CVE-2012-0212 debdiff.pl fix
    - f9a1a4c468671827d2650161cc33324fe0247a98
 -- Marc Deslauriers <email address hidden> Wed, 26 Sep 2012 14:49:27 -0400
Source diff to previous version
CVE-2012-2240 dscverify arbitrary code execution
CVE-2012-2241 dget arbitrary file deletion
CVE-2012-3500 annotate-output temp files handling
CVE-2012-0212 debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in

Version: 2.11.6ubuntu1.3 2012-07-14 15:06:44 UTC

  devscripts (2.11.6ubuntu1.3) precise-proposed; urgency=low

  * debchange: On Ubuntu always default to targeting the release that it's run
    from, *not* the current devel release, since its primary use on stable
    releases will be for preparing PPA uploads. (LP: #1001068)
 -- Benjamin Drung <email address hidden> Fri, 22 Jun 2012 00:42:44 +0200
Source diff to previous version
1001068 quantal

Version: 2.11.6ubuntu1.2 2012-05-15 17:06:43 UTC

  devscripts (2.11.6ubuntu1.2) precise-proposed; urgency=low

  * Scour debchange.pl for more s/precise/quantal/ bits ((LP: #994208)
 -- Adam Conrad <email address hidden> Sun, 06 May 2012 02:31:54 -0600
994208 Needs to know about quantal


About   -   Send Feedback to @ubuntu_updates