tardiff (0.1-2+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Add fix for shell command injection via tar filename itself. This fix
    is as well part of the CVE-2015-0857 assignment but was previously
    missed.

 -- Salvatore Bonaccorso  Sun, 01 May 2016 10:46:40 +0200

tardiff (0.1-2+deb8u1) jessie-security; urgency=high

  * Add patch to fix miscalculated statistics. (Closes: #802098)
  * Add patches to fix two security issues:
    + CVE-2015-0857: shell command injection through file names
    + CVE-2015-0858: /tmp race condition in handling temporary directory
    Issues found and reported by Rainer Müller and Florian Weimer.
    Additional necessary changes:
    + Add new run-time dependency on libtext-diff-perl.

 -- Axel Beckert  Tue, 20 Oct 2015 01:02:12 +0200

tardiff (0.1-2) unstable; urgency=low

  * Patch -a vs -s mixup. (Due to a typo, the short option -a is not
    queried while the short option -s works as if it would have been -a.
    The according long options worked as advertised.)
  * Bump debhelper compatibility to 9
    + Update versioned debhelper build-dependency
    + Remove manual clean up of *-stamp files
  * Revamp debian/rules:
    + Move dh_installman parameter to debian/manpages
    + Switch to a dh7 style debian/rules file
  * Remove recommends on essential package
  * Bump Standards-Version to 3.9.4 (no changes)
  * Fix lintian warning vcs-field-not-canonical
  * Remove stray debian/debian/patches/series
  * Apply wrap-and-sort

 -- Axel Beckert  Mon, 03 Jun 2013 12:57:19 +0200

tardiff (0.1-1) unstable; urgency=low

  * Initial release (Closes: #650668)
  * Add patch to fix comparison of tar balls with the same base directory.

 -- Axel Beckert  Mon, 07 May 2012 01:02:25 +0200