tardiff 0.1-2+deb8u2build0.14.04.1 source package in Ubuntu
Changelog
tardiff (0.1-2+deb8u2build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
tardiff (0.1-2+deb8u2) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Add fix for shell command injection via tar filename itself.
This fix is as well part of the CVE-2015-0857 assignment but was
previously missed.
tardiff (0.1-2+deb8u1) jessie-security; urgency=high
* Add patch to fix miscalculated statistics. (Closes: #802098)
* Add patches to fix two security issues:
+ CVE-2015-0857: shell command injection through file names
+ CVE-2015-0858: /tmp race condition in handling temporary directory
Issues found and reported by Rainer Müller and Florian Weimer.
Additional necessary changes:
+ Add new run-time dependency on libtext-diff-perl.
-- Marc Deslauriers <email address hidden> Tue, 24 May 2016 09:23:53 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Trusty
- Original maintainer:
- Axel Beckert
- Architectures:
- all
- Section:
- utils
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | updates | universe | utils | |
| Trusty | security | universe | utils |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| tardiff_0.1.orig.tar.bz2 | 1.9 KiB | 58f86a33b268bb7a30c1fa0e5b4d9a44434e1e5c5b7b7ba70d1a8e43f77ad765 |
| tardiff_0.1-2+deb8u2build0.14.04.1.debian.tar.gz | 5.0 KiB | 1960b593f6112657889cf96745518ab4d4ea49c15a8ce916ac678d26a47c9857 |
| tardiff_0.1-2+deb8u2build0.14.04.1.dsc | 1.8 KiB | afdd91fc6417f0ac08ee4b644ae186587f78ea3ced025f1c05cf84475e21c000 |
Available diffs
Binary packages built by this source
- tardiff: Tarball comparison tool
TarDiff compares the contents of two tarballs and reports on any
differences found between them. Its use is mainly for release
managers who can use it as a QA tool to make sure no files have
accidently been left over or were added by mistake. TarDiff supports
compressed tarballs, diff statistics and suppression of GNU autotool
changes.
