-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (native) Source: dpkg Binary: libdpkg-dev, dpkg, dpkg-dev, libdpkg-perl, dselect Architecture: any all Version: 1.17.26 Origin: debian Maintainer: Dpkg Developers <[email protected]> Uploaders: Guillem Jover <[email protected]> Homepage: https://wiki.debian.org/Teams/Dpkg Standards-Version: 3.9.6 Vcs-Browser: https://anonscm.debian.org/cgit/dpkg/dpkg.git Vcs-Git: git://anonscm.debian.org/dpkg/dpkg.git Build-Depends: debhelper (>= 7), pkg-config, flex, gettext (>= 0.18), po4a (>= 0.41), zlib1g-dev, libbz2-dev, liblzma-dev, libselinux1-dev (>= 1.28-4) [linux-any], libkvm-dev [kfreebsd-any], libncursesw5-dev, libtimedate-perl, libio-string-perl Package-List: dpkg deb admin required arch=any dpkg-dev deb utils optional arch=all dselect deb admin optional arch=any libdpkg-dev deb libdevel optional arch=any libdpkg-perl deb perl optional arch=all Checksums-Sha1: 27e5649d983cae956268207bce59a70fe6379fe9 4410860 dpkg_1.17.26.tar.xz Checksums-Sha256: aa4e758752cdfd7ecb118d7a7d31139a0c090c92aa494aa2e46603006deb1ec8 4410860 dpkg_1.17.26.tar.xz Files: 07911f1c575f196f108a3c19c5bd517e 4410860 dpkg_1.17.26.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJWVthWAAoJELlyvz6krlej440QAO644zLovX4K4qll+jgmmltJ gBJCf2g7Iiw35sJ2QRFWHEyA84FhmZxevUnwNahQprbULJHocfZB9QnaBvgBNwcv 3J7hiNNlcRMAMHktWvyZabmQwR1dQIPYwP3sR/LwDS9XzV59ZekacxOE51IhdSeO l5lSblZgnw5OQ+75rrCVQu5mOZQbwhRuW+p9g2+8l5EL9nvoYR0NzyC+uO7jFm8c wIiw/LK8hSUUbIXjriI3DqiTeZup18rGbRdKtKR8DGd6NHKflliQeMD6+C6utX76 FCho32QmtAD5zjAEWaAarE0LD1R9F5Hfrq3IvWkF+SB82VFPFAvjMaGOCuOZ0jB9 t5H3JGzaOO/LuOOPmkG+PXHQ993wNi56L3DEeu8WVabHEnbq6njne5DhXlOpWO7J DSETq/tmEFzP3C8Nt3Bz9AyYyN1YNbVIRNTv1jf/n0Zq8i+ufUARQfRvjA8++fG6 N4xQ33l0qX3Od/pQyY1NhlvItIwcfhRlqtvpYcBPSatMUFAHkUeuI8y+GRAn+e9v iWBHb8J4XgpJodu6P6QL3sklrYoX8nvDT4cEbs3w2bf69L4iB9h4eKaQzH8QSiVO 6Pb2Dpe/AnK9no4O6I5soIQ5eTOV+8A0/Z530o4fXoRwpKjiIXFC4kD38dMgMfMN gT0bNz2D5FYtsna69ncG =Cmh+ -----END PGP SIGNATURE----- Changes: dpkg (1.17.26) jessie-security; urgency=high [ Guillem Jover ] * Fix an off-by-one write access in dpkg-deb when parsing the .deb magic. Reported by Jacek Wielemborek <[email protected]>. Closes: #798324 * Fix an off-by-one write access in dpkg-deb when parsing the old format .deb control member size. Thanks to Hanno Böck <[email protected]>. Fixes CVE-2015-0860. * Fix an off-by-one read access in dpkg-deb when parsing ar member names. Thanks to Hanno Böck <[email protected]>. [ Updated programs translations ] * Catalan (Jordi Mallach). * Turkish (Mert Dirik). Closes: #785095 [ Updated scripts translations ] * German (Helge Kreutzmann). (Various fixes) * Spanish (Santiago Vila). Closes: #799020 [ Updated manpages translations ] * German (Helge Kreutzmann). (Various fixes) -- Guillem Jover <[email protected]> Wed, 25 Nov 2015 22:54:54 +0100