Changelog
devscripts (2.13.9) unstable; urgency=low

  [ Martin Pitt ]
  * autopkgtest: Add "allow-stderr" restriction to avoid failing tests because
    of the HTTP server log on stderr.

  [ James McCoy ]
  * uscan:
    + Repack the tarball and verify it is a compressed archive without
      allowing arbitrary code execution. Fixes CVE-2013-6888.
    + Use find's -exec to call rm directly instead of piping to xargs.
      (Closes: #732006, CVE-2013-7085)
    + Follow tar's recommended security practices
      - Use --keep-old-files --no-overwrite-dir
      - Ensure parent directory of directory used for repacking archive isn't
        accessible to other users.
    + Fix handling of 'dirname' exclusions, so 'dirname/*' isn't required.

  [ Salvatore Bonaccorso ]
  * uscan: Fix uninitialized value warning when copyright is not in
    copyright-format 1.0. (Closes: #732807)

 -- James McCoy <email address hidden>  Mon, 23 Dec 2013 15:28:45 -0500