Format: 1.8
Date: Wed, 05 Jan 2011 10:58:17 +0100
Source: dpkg
Binary: dpkg dpkg-dev dselect
Architecture: source i386 all
Version: 1.14.31
Distribution: stable-security
Urgency: low
Maintainer: Dpkg Developers
Changed-By: Raphael Hertzog
Description:
 dpkg       - Debian package management system
 dpkg-dev   - Debian package development tools
 dselect    - Debian package management front-end
Changes:
 dpkg (1.14.31) stable-security; urgency=low
 .
   * Fix multiple security issues with dpkg-source (CVE-2010-1679):
     - Enhance checks to catch maliciously crafted patches which could modify
       files outside of the unpacked source package.
     - Do not consider a top-level symlink like a directory when extracting
       a tarball.
     - Exclude .pc while extracting the upstream tarball in 3.0 (quilt) as
       patch blindly writes in that directory during unpack (and would
       follow any existing symlink).
Files:
 1544 admin required dpkg_1.14.31.dsc
 6853665 admin required dpkg_1.14.31.tar.gz
 2355460 admin required dpkg_1.14.31_i386.deb
 800796 admin optional dselect_1.14.31_i386.deb
 771750 utils optional dpkg-dev_1.14.31_all.deb