Uploaded rvplayer 5.0-9 (source i386) to master
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.5
Date: Thu, 2 Sep 1999 02:41:03 -0700
Source: rvplayer
Binary: rvplayer
Architecture: source i386
Version: 1:5.0-9
Distribution: stable
Urgency: high
Maintainer: Joey Hess <joeyh@master.debian.org>
Description:
rvplayer - Real Video Player (installer)
Changes:
rvplayer (1:5.0-9) stable; urgency=HIGH
.
* Fixed symlink attack against postinst. Installation of arbitrary files
into the filesystem, and probably overwriting of arbitrary files are
possible if exploited.
* I fixed the attack by requiring root drop the file into /root.
* Since this is a minimal-changes upload for stable, I limited my changes
to just 3 lines of the postinst.
Files:
305e00aef8ef7ebc553459c6efc7ce00 513 contrib/net optional rvplayer_5.0-9.dsc
832225cc6d7accda71847c6daf7002db 12770 contrib/net optional rvplayer_5.0-9.tar.gz
a945370221bd060871ee6b19ee636429 7666 contrib/net optional rvplayer_5.0-9_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBN86Gmy/XHRyCt9S9AQGWTQMAx2aKXZyxwz4zxDZchTDZQYLtsobZK5Ie
DBlyoOVpBIh+Cd8adU3QX4d8z/iPMTmFD1J2kS1b7qfuJ6AOm8zqMP1H4gP0u7kK
PI3wEr3UwtParwNvuzNVISmnnqdZ8COA
=PlZq
-----END PGP SIGNATURE-----
Reply to: