xorg: Changes to 'debian-unstable'

To: debian-x@lists.debian.org
Subject: xorg: Changes to 'debian-unstable'
From: Julien Cristau <jcristau@alioth.debian.org>
Date: Tue, 20 Feb 2007 10:16:34 +0100
Message-id: <[🔎] E1HJR6w-0008Ca-H4@alioth.debian.org>

 debian/changelog      |    7 +++++++
 debian/local/Xsession |    2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

New commits:
commit 8b2df98c792aa52f181624206d9ed9331eaba5a8
Author: Julien Cristau <jcristau@debian.org>
Date:   Tue Feb 20 10:12:25 2007 +0100

    debian/local/Xsession: set temporary umask when creating $ERRFILE.
    
    Thanks to Timo Aaltonen for pointing out this change in the Ubuntu package.
    Reference: CVE-2006-5214.

diff --git a/debian/changelog b/debian/changelog
index 8973c34..63132b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg (1:7.1.0-13) UNRELEASED; urgency=high
+
+  * debian/local/Xsession: set temporary umask when creating $ERRFILE.  Thanks
+    Timo Aaltonen.  This fixes CVE-2006-5214.
+
+ -- Julien Cristau <jcristau@debian.org>  Tue, 20 Feb 2007 10:08:56 +0100
+
 xorg (1:7.1.0-12) unstable; urgency=high
 
   [ Christian Perrier ]
diff --git a/debian/local/Xsession b/debian/local/Xsession
index f4e7663..e818342 100644
--- a/debian/local/Xsession
+++ b/debian/local/Xsession
@@ -78,7 +78,7 @@ ALTUSERXSESSION=$HOME/.Xsession
 ERRFILE=$HOME/.xsession-errors
 
 # attempt to create an error file; abort if we cannot
-if touch "$ERRFILE" 2> /dev/null && [ -w "$ERRFILE" ] &&
+if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&
   [ ! -L "$ERRFILE" ]; then
   chmod 600 "$ERRFILE"
 elif ERRFILE=$(tempfile 2> /dev/null); then

Reply to:

Prev by Date: Bug#410879: xserver-xorg-core: Dual-screen problem
Next by Date: Bug#407036: xserver-xorg: Server crashes after hibernate
Previous by thread: xorg: Changes to 'debian-unstable'
Next by thread: xorg: Changes to 'debian-unstable'
Index(es):
- Date
- Thread