You are here
Home > Preporuke > Ranjivost programskog paketa devscripts

Ranjivost programskog paketa devscripts

——————————————————————————–
Fedora Update Notification
FEDORA-2013-23975
2013-12-27 05:05:42
——————————————————————————–

Name : devscripts
Product : Fedora 20
Version : 2.13.9
Release : 1.fc20
URL : http://packages.debian.org/unstable/admin/devscripts
Summary : Scripts for Debian Package maintainers
Description :
Scripts to make the life of a Debian Package maintainer easier.

——————————————————————————–
Update Information:

– Update to 2.13.9, see http://ftp-master.metadata.debian.org/changelogs//main/d/devscripts/devscripts_2.13.9_changelog for details
– Fix CVE-2013-7085
——————————————————————————–
ChangeLog:

* Wed Dec 25 2013 Sandro Mani <manisandro@gmail.com> – 2.13.9-1
– Update to 2.13.9
– Fixes CVE-2013-7085 (rhbz#1040949)
* Wed Dec 11 2013 Sandro Mani <manisandro@gmail.com> – 2.13.8-1
– Update to 2.13.8
* Wed Dec 11 2013 Sandro Mani <manisandro@gmail.com> – 2.13.5-2
– Add upstream patch to fix arbitrary command execution when using
USCAN_EXCLUSION (rhbz#1040266, debian#731849)
* Thu Dec 5 2013 Sandro Mani <manisandro@gmail.com> – 2.13.5-1
– Update to 2.13.5
——————————————————————————–
References:

[ 1 ] Bug #1040949 – CVE-2013-7085 devscripts: broken handling of filenames with whitespace in uscan
https://bugzilla.redhat.com/show_bug.cgi?id=1040949
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update devscripts’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Ranjivost komponente WebYaST

Otkrivena je ranjivost komponente WebYaST na operacijskom sustavu SUSE. Ustanovljeno je da je WebYaST 1.2 koristio slabe dozvole za datoteku...

Close