Security fix: directory traversal via /DEBIAN symlink

.gitignore

@@ -10,3 +10,4 @@ dpkg_1.15.5.6.tar.bz2
 /dpkg_1.18.15.tar.xz
 /dpkg_1.18.22.tar.xz
 /dpkg_1.18.24.tar.xz
+/dpkg_1.18.25.tar.xz

dpkg.spec

@@ -2,8 +2,8 @@
 %global pkgdatadir      %{_datadir}/dpkg
 
 Name:           dpkg
-Version:        1.18.24
+Version:        1.18.25
-Release:        9%{?dist}
+Release:        1%{?dist}
 Summary:        Package maintenance system for Debian Linux
 Group:          System Environment/Base
 # The entire source code is GPLv2+ with exception of the following
@@ -17,6 +17,7 @@ URL:            https://tracker.debian.org/pkg/dpkg
 Source0:        http://ftp.debian.org/debian/pool/main/d/dpkg/%{name}_%{version}.tar.xz
 Patch1:         dpkg-fix-logrotate.patch
 Patch2:         dpkg-perl-libexecdir.epel6.patch
+
 BuildRequires:  gcc-c++
 BuildRequires:  zlib-devel bzip2-devel libselinux-devel gettext ncurses-devel
 BuildRequires:  autoconf automake gettext-devel libtool
@@ -159,6 +160,7 @@ user interfaces.
 %if 0%{?rhel} && 0%{?rhel} < 7
 %patch2 -p1
 %endif
+
 # Filter unwanted Requires:
 cat << \EOF > %{name}-req
 #!/bin/sh
@@ -449,6 +451,10 @@ create_logfile
 
 
 %changelog
+* Sun Jul 29 2018 Sérgio Basto <sergio@serjux.com> - 1.18.25-1
+- Update dpkg to 1.18.25
+- Security fix: directory traversal via /DEBIAN symlink
+
 * Sun Jul 29 2018 Sérgio Basto <sergio@serjux.com> - 1.18.24-9
 - Requires(post): coreutils (#1598872)
 

sources

@@ -1 +1 @@
-SHA512 (dpkg_1.18.24.tar.xz) = 74df36a49a1b6b2243db14bd7ee0b69e50c2f0e79fc87e86e9b3cba2261fb717e421f7190a3ba54b4680a2f83855e5857dcb2625aa56847133258567392f1d42
+SHA512 (dpkg_1.18.25.tar.xz) = a26907c32ea02044d8729b70996b786204d3ce89ac294a8422b009688ab9bf886f593cb37430e84593dec2c26cfbc01a458d47fbda749decdf8acbfb72e07bb3