Installed realplayer 6.0alpha-4 (source i386)
Installed:
realplayer_6.0alpha-4.dsc
to dists/potato/contrib/source/net/realplayer_6.0alpha-4.dsc
replacing realplayer_6.0alpha-3.dsc
realplayer_6.0alpha-4_i386.deb
to dists/potato/contrib/binary-i386/net/realplayer_6.0alpha-4.deb
replacing realplayer_6.0alpha-3.deb
realplayer_6.0alpha-4.tar.gz
to dists/potato/contrib/source/net/realplayer_6.0alpha-4.tar.gz
replacing realplayer_6.0alpha-3.tar.gz
-----BEGIN PGP SIGNED MESSAGE-----
Format: 1.6
Date: Thu, 2 Sep 1999 02:24:20 -0700
Source: realplayer
Binary: realplayer
Architecture: source i386
Version: 6.0alpha-4
Distribution: unstable
Urgency: high
Maintainer: Joey Hess <joeyh@master.debian.org>
Description:
realplayer - Real Player G2 (installer)
Changes:
realplayer (6.0alpha-4) unstable; urgency=HIGH
.
* Fixed symlink attack against postinst. Installation of arbitrary files
into the filesystem, and probably overwriting of arbitrary files are
possible if exploited.
* I fixed the attack by requiring root drop the file into /root. I removed
the permissions checking on the file, since it is now in a directory
only root can write to.
Files:
72547815eadb0cc5d06f8a4e8aabc73c 526 contrib/net optional realplayer_6.0alpha-4.dsc
face77339d78263735f9952fd0dd1986 6991 contrib/net optional realplayer_6.0alpha-4.tar.gz
17872248a25fcf05cf870a07ca218a90 8122 contrib/net optional realplayer_6.0alpha-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQB1AwUBN85ERS/XHRyCt9S9AQFD2AMAst+8wUkJGtV9/EHHNuHnKUtXvThiWfqU
sSo+2TukySOY73iE1vO4Cxw4JyRmIgouoipjvjnj1RA7AqlsgCJMYrXas38f/yMT
bqUqRf7CKPsmTI9MujxhBrBORvbFhLOT
=aQpe
-----END PGP SIGNATURE-----