Bug 38243 - dpkg: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.0-3-errata
Assigned To: Daniel Tröder
QA Contact: Philipp Hahn
Reported: 2015-04-13 13:48 CEST by Arvid Requate
Modified: 2015-09-15 13:36 CEST
Bug group (optional): Security
requate: Patch_Available+


Description Arvid Requate univentionstaff 2015-04-13 13:48:31 CEST
CVE-2015-0840

Incorrect signature validation when extracting local source packages.
Comment 1 Arvid Requate univentionstaff 2015-05-06 16:39:11 CEST
Fixed in upstream Debian package version 1.16.16
Comment 2 Daniel Tröder univentionstaff 2015-09-01 17:59:30 CEST
dpkg 1.16.16 was imported and built to scope errata4.0-3.
YAML (r63393): 2015-09-01-dpkg.yaml
Comment 3 Philipp Hahn univentionstaff 2015-09-09 15:30:09 CEST
OK: DEBIAN_FRONTEND=noninteractive aptitude -y install '?source-package(^dpkg$)~i'
OK: DEBIAN_FRONTEND=noninteractive aptitude -y install '?source-package(^dpkg$)?not(?name(udeb))'
OK: zless /usr/share/doc/dpkg/changelog.Debian.gz
OK: bzgrep 700_Dpkg_Control.t logs/ucs_4.0-0-0-errata4.0-3/dpkg_1.16.16.95.201509011754.log*
OK: DPKG_ORIGINS_DIR=./t/origins PERL_DL_NONLAZY=1 /usr/bin/perl -MExtUtils::Command::MM -e "test_harness(0, '.')" t/700_Dpkg_Control.t

OK: r63393
OK: 2015-09-01-dpkg.yaml
OK: errata-announce -V  2015-09-01-dpkg.yaml
Comment 4 Janek Walkenhorst univentionstaff 2015-09-15 13:36:46 CEST
<http://errata.software-univention.de/ucs/4.0/315.html>