Changelog
dpkg (1.17.9) unstable; urgency=high

  [ Guillem Jover ]
  * Do not allow patch files with C-style encoded filenames. Closes: #746306
    Unconditionally fixes CVE-2014-0471.
  * Switch alternative database backups from xz to gzip. Closes: #746354
  * Do not leak long tar names on bogus or truncated archives.
  * Do not leak the filepackages iterator when a directory is used by other
    packages.
  * Fix short lived memory leaks in «dpkg-split --split».
  * Fix memory leak in unused Keybindings screen in dselect.
  * Do not leak color string on «dselect --color».
  * Fix memory leaks when parsing alternatives.
  * Fix off-by-one stack buffer overrun in start-stop-daemon on GNU/Linux and
    GNU/kFreeBSD if the executable pathname is longer than _POSIX_PATH_MAX.
    Although this should not have security implications as the buffer is
    surrounded by two arrays (so those catch accesses even if the stack
    grows up or down), and we are compiling with -fstack-protector anyway.
  * Mark the command_get_pager() tests on a tty as TODO for now, so that
    we do not get failures on build daemons.
  * Make test suite errors abort the build again. Closes: #746331

  [ Updated scripts translations ]
  * French (Steve Petruzzello). Closes: #746350
  * German (Helge Kreutzmann).

  [ Updated manpages translations ]
  * German (Helge Kreutzmann).

 -- Guillem Jover <email address hidden>  Wed, 30 Apr 2014 05:45:20 +0200