dpkg 1.16.16 source package in Debian

Changelog

dpkg (1.16.16) wheezy-security; urgency=high

  [ Guillem Jover ]
  * Do not leak long tar names on bogus or truncated archives.
  * Do not leak the filepackages iterator when a directory is used by other
    packages.
  * Do not leak color string on «dselect --color».
  * Fix memory leaks when parsing alternatives.
  * Fix memory leaks in buffer_copy() on error conditions.
  * Fix possible out of bounds buffer read access in the error output on
    bogus ar member sizes.
  * Fix file triggers/Unincorp descriptor leak on subprocesses. Regression
    introduced with the initial triggers implementation in dpkg 1.14.17.
    Closes: #751021
  * Fix a descriptor leak on dselect subprocesses when --debug is used.
  * Do not run qsort() over the scandir() list in libcompat if it is NULL.
  * Fix off-by-one stack buffer overrun in start-stop-daemon on GNU/Linux and
    GNU/kFreeBSD if the executable pathname is longer than _POSIX_PATH_MAX.
    This should not have security implications, as the buffer is surrounded
    by two arrays (so those catch accesses whether the stack grows up or
    down), and we are compiling with -fstack-protector anyway.
  * Add a workaround to start-stop-daemon for bogus OpenVZ Linux kernels that
    prepend, instead of appending, the " (deleted)" marker in /proc/PID/exe.
    Closes: #731530
  * Fix off-by-one error in libdpkg command argv size calculation.
    Based on a patch by Bálint Réczey <email address hidden>. Closes: #760690
  * Escape package and architecture names on control file parsing warning,
    as those get injected into a variable that is used as a format string,
    and they come from the package fields, which are under user control.
    Regression introduced in dpkg 1.16.0. Fixes CVE-2014-8625. Closes: #768485
    Reported by Joshua Rogers <email address hidden>.
  * Do not match partial field names in control files. Closes: #769119
    Regression introduced in dpkg 1.10.
  * Fix out-of-bounds buffer read accesses when parsing field and trigger
    names or checking package ownership of conffiles and directories.
    Reported by Joshua Rogers <email address hidden>.
  * Add powerpcel support to cputable. Thanks to Jae Junh <email address hidden>.
  * Fix OpenPGP Armor Header Line parsing in Dpkg::Control::Hash. We should
    only accept [\r\t ] as trailing whitespace. Although RFC4880 does not
    clarify what whitespace really maps to, we should match the GnuPG
    implementation anyway, as that's what we use to verify the signatures.
    Reported by Jann Horn <email address hidden>. Fixes CVE-2015-0840.

  [ Raphaël Hertzog ]
  * Drop myself from Uploaders.

  [ Updated scripts translations ]
  * Fix typos in German (Helge Kreutzmann)
  * Swedish (Peter Krefting).

  [ Updated man page translations ]
  * Fix typos in German (Helge Kreutzmann)
  * Swedish (Peter Krefting).

 -- Guillem Jover <email address hidden>  Thu, 09 Apr 2015 08:45:47 +0200
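
The CVE-2014-8625 entry above describes a classic format-string injection: untrusted package and architecture names were interpolated into a string that was then used as the format argument of a warning routine. The following is an added illustration, not dpkg's own code; the function names (fmt_escape, build_warning_template, render_warning), the warning template text and the malicious field values are this example's own constructions. It shows why doubling every '%' in the untrusted text (the approach the changelog calls "escaping") removes the attacker's conversion specifications from the format.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy a string into freshly allocated memory (caller frees). */
static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *out = malloc(n);
    if (out) memcpy(out, s, n);
    return out;
}

/* Escape a string for embedding in a printf-style format: every '%' becomes
 * "%%", so the text is printed literally instead of being parsed as a
 * conversion. Name and implementation are this example's own, not dpkg's. */
char *fmt_escape(const char *s) {
    size_t extra = 0;
    for (const char *p = s; *p; p++)
        if (*p == '%') extra++;
    char *out = malloc(strlen(s) + extra + 1);
    if (!out) return NULL;
    char *q = out;
    for (const char *p = s; *p; p++) {
        if (*p == '%') *q++ = '%';
        *q++ = *p;
    }
    *q = '\0';
    return out;
}

/* Count the conversion specifications a format string would consume
 * ("%%" is a literal percent sign, not a conversion). */
size_t count_conversions(const char *fmt) {
    size_t n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        n++;
    }
    return n;
}

/* Build the (hypothetical) warning template
 * "package '<pkg>:<arch>' control file: %s". The bug pattern: pkg and arch
 * come straight from package fields and the result is later passed as the
 * format argument. With escape == 0 any '%' sequences in the field values
 * survive into the format. Caller frees. */
char *build_warning_template(const char *pkg, const char *arch, int escape) {
    const char *head = "package '", *sep = ":", *tail = "' control file: %s";
    char *p = escape ? fmt_escape(pkg) : dup_str(pkg);
    char *a = escape ? fmt_escape(arch) : dup_str(arch);
    char *tmpl = NULL;
    if (p && a) {
        size_t len = strlen(head) + strlen(p) + strlen(sep) + strlen(a)
                   + strlen(tail) + 1;
        tmpl = malloc(len);
        if (tmpl)
            snprintf(tmpl, len, "%s%s%s%s%s", head, p, sep, a, tail);
    }
    free(p);
    free(a);
    return tmpl;
}

/* Render a warning through the escaped template. The guard refuses to call
 * snprintf unless the template requests exactly the one argument we pass,
 * which is what escaping guarantees. Returns snprintf's result or -1. */
int render_warning(char *buf, size_t size, const char *pkg, const char *arch,
                   const char *msg) {
    char *tmpl = build_warning_template(pkg, arch, 1);
    if (!tmpl) return -1;
    int n = -1;
    if (count_conversions(tmpl) == 1)
        n = snprintf(buf, size, tmpl, msg);   /* non-literal format, but vetted */
    free(tmpl);
    return n;
}

int main(void) {
    /* Constructed malicious field values, not taken from any real package. */
    char *bad = build_warning_template("%n%n", "amd64", 0);
    char *good = build_warning_template("%n%n", "amd64", 1);
    printf("unescaped template wants %zu arguments: %s\n",
           count_conversions(bad), bad);
    printf("escaped template wants %zu argument:  %s\n",
           count_conversions(good), good);
    char buf[128];
    render_warning(buf, sizeof buf, "%n%n", "amd64", "missing Version field");
    printf("rendered: %s\n", buf);
    free(bad);
    free(good);
    return 0;
}
```

With the unescaped template, a package name of "%n%n" turns a one-argument warning into a format that asks printf for three, and "%n" writes to memory; the escaped template always asks for exactly the argument the caller supplies. Compiling with -Wformat-nonliteral will flag the vetted snprintf call, which is a reasonable prompt to prefer passing untrusted text as a "%s" argument rather than building it into the format at all.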

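The CVE-2015-0840 entry makes a point that generalises beyond dpkg: a parser that decides where a signed region begins must use the same rule as the tool that verifies the signature, otherwise the two can disagree about which bytes are covered. The following is an added example and not dpkg's code (Dpkg::Control::Hash is Perl; this reimplements the check in C for illustration). The function names, the loose variant and the constructed message are this example's own; the strict rule follows the changelog's "[\r\t ]" as the only permitted trailing whitespace.

```c
#include <ctype.h>
#include <string.h>

#define ARMOR_SIGNED_MESSAGE "-----BEGIN PGP SIGNED MESSAGE-----"

/* Strict check, matching the rule the fix adopts: the marker may be followed
 * only by CR, TAB or SPACE, then the end of the line. The line may carry a
 * single terminating '\n'. Returns 1 if accepted, 0 otherwise. */
int is_armor_header_line(const char *line, const char *marker) {
    size_t mlen = strlen(marker);
    if (strncmp(line, marker, mlen) != 0) return 0;
    const char *p = line + mlen;
    while (*p == ' ' || *p == '\t' || *p == '\r') p++;
    return *p == '\0' || (*p == '\n' && p[1] == '\0');
}

/* Loose check for comparison (this example's own, hypothetical): treats
 * anything isspace() accepts in the C locale as trailing whitespace, which
 * additionally admits '\v' and '\f'. */
int is_armor_header_line_loose(const char *line, const char *marker) {
    size_t mlen = strlen(marker);
    if (strncmp(line, marker, mlen) != 0) return 0;
    const char *p = line + mlen;
    while (isspace((unsigned char)*p)) p++;
    return *p == '\0';
}

/* Scan `text` line by line and return the 0-based index of the first line the
 * chosen check accepts as the armor header, or -1 if none does. */
int find_armor_header(const char *text, int strict) {
    int idx = 0;
    const char *p = text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[256];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        int ok = strict ? is_armor_header_line(line, ARMOR_SIGNED_MESSAGE)
                        : is_armor_header_line_loose(line, ARMOR_SIGNED_MESSAGE);
        if (ok) return idx;
        if (!nl) break;
        p = nl + 1;
        idx++;
    }
    return -1;
}

/* Constructed input (not a real .dsc): a look-alike first line carrying a
 * form feed after the marker, followed by a genuine header two lines later.
 * The strict and loose checks disagree about where the signed region starts. */
static const char CONSTRUCTED_MSG[] =
    "-----BEGIN PGP SIGNED MESSAGE-----\f\n"
    "Hash: SHA256\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Format: 3.0 (quilt)\n";
```

Running find_armor_header over CONSTRUCTED_MSG returns 2 with the strict check and 0 with the loose one. Whichever rule is right in the abstract, a verifier that uses one and a parser that uses the other will attribute different lines to the signed body, which is exactly the mismatch the changelog resolves by following GnuPG's behaviour.
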
Upload details

Uploaded by:
Dpkg Mailing List
Uploaded to:
Wheezy
Original maintainer:
Dpkg Mailing List
Architectures:
any all
Section:
admin
Urgency:
Very Urgent


Downloads

File Size SHA-256 Checksum
dpkg_1.16.16.dsc 1.9 KiB a5564eed3d0107a8020f9ddbd0c86fc45e66239aa25da12e784b171ea11d49bf
dpkg_1.16.16.tar.xz 3.6 MiB d25045e39aeb1a6e99156e1d4b8c7672bf69b54e5f853336982e62c7a04e8ef2

No changes file available.
