* Fix OpenPGP Armor Header Line parsing in Dpkg::Control::Hash. We should
only accept [\r\t ] as trailing whitespace, although RFC4880 does not
clarify what whitespace really maps to, we should really match the GnuPG
implementation anyway, as that's what we use to verify the signatures.
Reported by Jann Horn <firstname.lastname@example.org>. Fixes CVE-2015-0840.
Arch teams, please test and mark stable:
Targeted stable KEYWORDS: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Stable for HPPA.
C3 for now until more information is available as to the vulnerability.
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification via a
crafted Debian source control file (.dsc).
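
The trailing-whitespace rule from the changelog entry above, as an added example (not dpkg's code and not part of the original thread): it compares the strict `[\r\t ]` rule against a looser `\s*` match, assumed here for contrast, and reports lines where the two would disagree about what counts as an Armor Header Line. All function names and the sample lines are constructed for illustration.

```python
import re

ARMOR = "-----BEGIN PGP SIGNED MESSAGE-----"

# Strict rule from the changelog: only CR, TAB and SPACE may trail the header.
STRICT = re.compile(re.escape(ARMOR) + r"[\r\t ]*")
# Looser rule (assumption, for contrast): \s also matches form feed,
# vertical tab and Unicode spaces such as U+00A0.
LAX = re.compile(re.escape(ARMOR) + r"\s*")


def _body(line: str) -> str:
    """Drop the single LF line terminator, keep everything else."""
    return line[:-1] if line.endswith("\n") else line


def is_armor_header(line: str, pattern=STRICT) -> bool:
    """True if the whole line is an Armor Header Line under `pattern`."""
    return pattern.fullmatch(_body(line)) is not None


def disagreements(lines):
    """Return (line number, trailing characters) for every line the lax
    rule accepts as a header but the strict rule rejects. A parser and a
    signature verifier that differ on these lines see different documents."""
    found = []
    for number, line in enumerate(lines, 1):
        if is_armor_header(line, LAX) and not is_armor_header(line, STRICT):
            found.append((number, _body(line)[len(ARMOR):]))
    return found


# Constructed sample lines, not taken from any real .dsc file.
SAMPLE = [
    ARMOR + "\n",          # plain header
    ARMOR + " \t\r\n",     # allowed trailing whitespace
    ARMOR + "\f\n",        # form feed
    ARMOR + "\v\n",        # vertical tab
    ARMOR + "\u00a0\n",    # no-break space
    ARMOR + "x\n",         # not a header under either rule
]

if __name__ == "__main__":
    for number, trailing in disagreements(SAMPLE):
        print(f"line {number}: trailing {trailing!r} accepted only by the lax rule")
```
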
Stable for PPC64.
Maintainer(s), please clean up.
Security, please vote.
Arches and Maintainer(s), thank you for your work.
GLSA Vote: No
NO too, closing.