Re: stable update for backup-manager
Hi,
On Fri, 2010-01-22 at 15:11 +0100, Sven Joachim wrote:
> I would like to upload a new version of the backup-manager to stable in
> order to fix a (relatively minor) security issue. The fix is trivial,
> just transposing to lines and thus ensuring that a password is not
> written to a file until the world is denied read access. Full debdiff
> is attached.
>
> There is certainly no need for a DSA, since the problem is similar to
> CVE-2007-2766 (to be fixed in oldstable, no DSA), but even harder to
> exploit.
It does indeed seem somewhat difficult to exploit. :) However, that
doesn't imply that it shouldn't be fixed; please go ahead.
Regards,
Adam
Reply to: