-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: autofs Binary: autofs, autofs-ldap, autofs-hesiod, autofs5, autofs5-ldap, autofs5-hesiod Architecture: any all Version: 5.0.8-2 Maintainer: Michael Tokarev <[email protected]> Uploaders: Jan Christoph Nordholz <[email protected]>, Dmitry Smirnov <[email protected]>, William Dauchy <[email protected]> Homepage: http://www.kernel.org/pub/linux/daemons/autofs/v5/ Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/autofs.git Vcs-Git: git://anonscm.debian.org/collab-maint/autofs.git Build-Depends: debhelper (>= 9), autoconf, lsb-base, bison, flex, libhesiod-dev, libkrb5-dev, libldap-dev, libsasl2-dev, libssl-dev, libxml2-dev Package-List: autofs deb utils extra arch=any autofs-hesiod deb utils extra arch=any autofs-ldap deb utils extra arch=any autofs5 deb oldlibs extra arch=all autofs5-hesiod deb oldlibs extra arch=all autofs5-ldap deb oldlibs extra arch=all Checksums-Sha1: b223485bf33b649b37f876d6fb3cd4b852bcb328 328559 autofs_5.0.8.orig.tar.bz2 3dbd50793c2c6ec4aa20429a7eba3840f70ea630 20056 autofs_5.0.8-2.debian.tar.xz Checksums-Sha256: 2e0e42c654b7762b1235ec0131317224c57fdc6757ec00c820b2aa86338c9f7d 328559 autofs_5.0.8.orig.tar.bz2 36690a9a6727b6a115ea866d17cee6c74b357763b33c3e3a46c3d1650da3a7a6 20056 autofs_5.0.8-2.debian.tar.xz Files: 31fb22e2981228b80f0d9858faeae0cf 328559 autofs_5.0.8.orig.tar.bz2 6fc256838c434bc361f50181119cc933 20056 autofs_5.0.8-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVCoWYAAoJEFK2u9lTlo0bw8QP/0pAjM3smlfPZNKw+nvXjo+c 0aqY9aWO5a2FtLp8QQHxf3nGLRxeKacOSZL5JR+ZDPWMP5wHUI8kdVWIuYMXK5LQ z9Qc4fVveC5bbm94y4ZMZ7I+sNPr9ymPWxS7jssQS9iHmBwheFGH7qhc07YeE7gr CA3GF9nYAeNcRNEmEFI9dahvxHGu45ntWXm4VS9NUGi3hreYObvkNBzMj4OYAK3J nsExgWrIEZ2KOAjrsM/BFjZWu+fEj0cSta5FuArgQb2nJqqQUKwEZdQW2CvBeDyb uAXulobCILF5LHfNCconkTzBh3QdUVC1KRTDtuu0uwX7+IED26XwEf8XbOni+taq 2E7wDs4j4ifodk6UhkZpji0CqsGsQCngZws6VaPxNPgtAdAU0qJRrhM+sqXo5h/L AhBMLE0XJX70pBWqG5kkFTo+XyaWfrrlCekecypqfyRFBWf4y1M1Cj2ctScbgXZb DbPGzS0xGfm9eeFnGOgsJPNPtsLOzV3EjvlVcB2UvaaLBNrA7L/RAUr3brY8fFcd ZYU5vVi8KaYXLscbuzNUyJmY6kQC4YSkxA1jKFmROfuipT0SzHyVe8wlOwoqP37V RGOcfrM2dsHFtweD6Y7HNVqGExLumvq6XJh87ZG1Ezn9PvGN9WYtRF0+zCyvxH1o +Egv3mzgBvOfPcVSVVII =Q1ID -----END PGP SIGNATURE----- Changes: autofs (5.0.8-2) unstable; urgency=medium [ Salvatore Bonaccorso <[email protected]> ] * Add patches for CVE-2014-8169 (Closes: #779591). When a program map uses an interpreted languages like python it is possible to load and execute arbitray code from a user home directory. This is because the standard environment variables are used to locate and load modules when using these languages. To avoid that, a prefix to these environment names is added so that they aren't used for this purpose. The prefix used is "AUTOFS_" and is not configurable. Additionally a configuration option to force the use of program map standard environment variables is added (FORCE_STANDARD_PROGRAM_MAP_ENV). [ Dmitry Smirnov <[email protected]> ] * Refreshed other patches as needed. -- Dmitry Smirnov <[email protected]> Thu, 19 Mar 2015 18:38:23 +1100