FEDORA-2015-12699 created by smani 6 years ago for Fedora 22
stable

Update to version 2.15.8, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.8_changelog for details. Fixes CVE-2015-5705. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.7, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.7_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. This update fixes licensecheck refusing to parse some text files such as C++ source files. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details. Update to version 2.15.6, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.6_changelog for details.

How to install

sudo dnf upgrade --advisory=FEDORA-2015-12699

This update has been submitted for testing by smani.

6 years ago

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113157/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113157/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113261/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113261/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on i386. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113270/steps/runtask/logs/stdio (results are informative only)

Taskotron: depcheck test PASSED on x86_64. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/113270/steps/runtask/logs/stdio (results are informative only)

This update is currently being pushed to the Fedora 22 testing updates repository.

6 years ago

This update has been pushed to testing

6 years ago
User Icon akurtakov commented & provided feedback 6 years ago
karma

works for me

Fixing security issues with an update is all good, but you should check your packages with rpmdiff - devscripts-minimal has a new dependency on dpkg-perl and dpkg. Please move the offending bits to the main package, because devscripts-minimal is no longer so minimal (IMHO it shouldn't depend on Debian-specific package).

The offending script is licensecheck, which now has "use Dpkg::IPC qw(spawn);". I'm not familiar enough with perl to judge whether this can be replaced by something else. In any event, removing that script from devscripts-minimal kinda defeats the entire purpose of having devscripts-minimal, since then fedora-review would need to depend on the entire devscripts. So unless the "use Dpkg::IPC qw(spawn);" can somehow be removed, I don't see a way to reduce the dependency load unfortunately.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for stable by smani.

6 years ago

Taskotron: upgradepath test FAILED on noarch. Result log: https://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/115473/steps/runtask/logs/stdio (results are informative only)

Automatic push to stable based on karma has been disabled for this update due to failure of an AutoQA test. Update submitter, please check the AutoQA test result and see if there is a valid problem to be fixed here, and fix it if so. If the failure is a mistake on AutoQA's part, you can re-enable the automatic push feature for this update if you like, or push it stable manually once it reaches the requirements under the Updates Policy.

6 years ago

This update is currently being pushed to the Fedora 22 stable updates repository.

6 years ago

This update has been pushed to stable

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
modified
6 years ago
BZ#1249227 licensecheck cannot parse c/c++ files
0
0
BZ#1249635 CVE-2015-5704 devscripts: arbitrary shell command injection
0
0
BZ#1249636 CVE-2015-5704 devscripts: arbitrary shell command injection [fedora-all]
0
0
BZ#1249645 CVE-2015-5705 devscripts: argument injection vulnerability
0
0
BZ#1249647 CVE-2015-5705 devscripts: argument injection vulnerability [fedora-all]
0
0

Automated Test Results