[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Uploaded rvplayer 5.0-9 (source i386) to master



-----BEGIN PGP SIGNED MESSAGE-----

Format: 1.5
Date: Thu,  2 Sep 1999 02:41:03 -0700
Source: rvplayer
Binary: rvplayer
Architecture: source i386
Version: 1:5.0-9
Distribution: stable
Urgency: high
Maintainer: Joey Hess <joeyh@master.debian.org>
Description: 
 rvplayer   - Real Video Player (installer)
Changes: 
 rvplayer (1:5.0-9) stable; urgency=HIGH
 .
   * Fixed symlink attack against postinst. Installation of arbitrary files
     into the filesystem, and probably overwriting of arbitrary files are
     possible if exploited.
   * I fixed the attack by requiring root drop the file into /root.
   * Since this is a minimal-changes upload for stable, I limited my changes
     to just 3 lines of the postinst.
Files: 
 305e00aef8ef7ebc553459c6efc7ce00 513 contrib/net optional rvplayer_5.0-9.dsc
 832225cc6d7accda71847c6daf7002db 12770 contrib/net optional rvplayer_5.0-9.tar.gz
 a945370221bd060871ee6b19ee636429 7666 contrib/net optional rvplayer_5.0-9_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBN86Gmy/XHRyCt9S9AQGWTQMAx2aKXZyxwz4zxDZchTDZQYLtsobZK5Ie
DBlyoOVpBIh+Cd8adU3QX4d8z/iPMTmFD1J2kS1b7qfuJ6AOm8zqMP1H4gP0u7kK
PI3wEr3UwtParwNvuzNVISmnnqdZ8COA
=PlZq
-----END PGP SIGNATURE-----


Reply to: