Re: Wheezy update of mosquitto?
On 23/09/17 18:52, Emilio Pozuelo Monfort wrote:
> Hi,
>
> On 10/07/17 16:32, Gianfranco Costamagna wrote:
>> Hello Roger,
>>
>>> Here you go. Build and runtime tested.
>
> Thanks for working on this. Does this take care of updating the permissions when
> the file already exists? Doesn't seem to from my quick standalone test with a
> simple C program. Maybe this ought to call chmod as well for existing installations.
Oh, upstream seems to call unlink() first, so this will always create a new file
and so the umask will be taken into account. So no need for a chmod call there
afaics, sorry for the noise.
Cheers,
Emilio
>
>> we should really patch also jessie, stretch and sid, right?
>
> Yep, that'd be good. Currently this vulnerability is marked as no-dsa for
> stretch and jessie, so the security team may prefer that you fix this via a
> point release update, but please check with them. No excuse for not fixing this
> in sid though. :)
>
> Cheers,
> Emilio
>
Reply to: