[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of mosquitto?

On 23/09/17 18:52, Emilio Pozuelo Monfort wrote:
> Hi,
> On 10/07/17 16:32, Gianfranco Costamagna wrote:
>> Hello Roger,
>>> Here you go. Build and runtime tested.
> Thanks for working on this. Does this take care of updating the permissions when
> the file already exists? Doesn't seem to from my quick standalone test with a
> simple C program. Maybe this ought to call chmod as well for existing installations.

Oh, upstream seems to call unlink() first, so this will always create a new file
and so the umask will be taken into account. So no need for a chmod call there
afaics, sorry for the noise.


>> we should really patch also jessie, stretch and sid, right?
> Yep, that'd be good. Currently this vulnerability is marked as no-dsa for
> stretch and jessie, so the security team may prefer that you fix this via a
> point release update, but please check with them. No excuse for not fixing this
> in sid though. :)
> Cheers,
> Emilio

Reply to: