Changelog
dpkg (1.16.15) wheezy-security; urgency=high
[ Guillem Jover ]
* Test suite:
- Add test cases for Dpkg::Source::Patch CVE-2014-0471 and CVE-2014-3127.
- Add test case for patch disabling hunks; not security sensitive.
* Correctly parse patch headers in Dpkg::Source::Patch, to avoid directory
traversal attempts from hostile source packages when unpacking them.
Reported by Javier Serrano Polo <email address hidden> as an unspecified
directory traversal; meanwhile also independently found by me both
#749183 and what was supposed to be #746498, which was later on published
and ended up being just a subset of the other non-reported issue.
Fixes CVE-2014-3864 and CVE-2014-3865. Closes: #746498, #749183
[ Updated programs translations ]
* Merge translated strings from master.
[ Updated scripts translations ]
* German (Helge Kreutzmann).
[ Updated man page translations ]
* Merge translated strings from master.
* Unfuzzy or update trivial translations (Guillem Jover).
-- Guillem Jover <email address hidden> Thu, 05 Jun 2014 22:24:36 +0200
