Accepted slocate 2.7-3 (i386 source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 7 Sep 2004 03:20:42 +0000
Source: slocate
Binary: slocate
Architecture: source i386
Version: 2.7-3
Distribution: unstable
Urgency: high
Maintainer: Kevin Lindsay <klindsay@debian.org>
Changed-By: Kevin Lindsay <klindsay@debian.org>
Description:
slocate - A secure replacment of findutil's locate
Closes: 226103 234563
Changes:
slocate (2.7-3) unstable; urgency=high
.
* 'slocate' sgid privileges are now dropped when searching databases that
are not apart of the 'slocate' group. This will prevent malicious user
supplied databases from elevating user access to the 'slocate' group.
See CAN-2003-0848, (closes: #226103)
* Changed diversion /etc/cron.daily.find.notslocate to
/etc/cron.daily/find.notslocate (closes: #234563)
* I also made the database creation feature drop privileges so that the
SGID binary can't chown the group of the database to 'slocate' unless
the user has explicit access.
* Added a patch which caused LOCATE_PATH to be ignored when '-d' was used,
and vice versa. This also fixed an off by 1 overflow bug.
Files:
2223bfb26ade197154ce17f424e84743 482 utils optional slocate_2.7-3.dsc
b5b1997b35abbd56db737bca8f54a174 101576 utils optional slocate_2.7-3.tar.gz
c95e2195a2da8660f935bf4485ebcce6 26896 utils optional slocate_2.7-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBPUSUUZpV8HRsUfQRAp8GAJkByTZwF+XRVrcYtoMC9bp1crRVTACg2ql3
RoAH22JMDBQeYXJqIEx0SD0=
=prVz
-----END PGP SIGNATURE-----
Accepted:
slocate_2.7-3.dsc
to pool/main/s/slocate/slocate_2.7-3.dsc
slocate_2.7-3.tar.gz
to pool/main/s/slocate/slocate_2.7-3.tar.gz
slocate_2.7-3_i386.deb
to pool/main/s/slocate/slocate_2.7-3_i386.deb
Reply to: