[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of mosquitto?



On 23/09/17 18:52, Emilio Pozuelo Monfort wrote:
> Hi,
> 
> On 10/07/17 16:32, Gianfranco Costamagna wrote:
>> Hello Roger,
>>
>>> Here you go. Build and runtime tested.
> 
> Thanks for working on this. Does this take care of updating the permissions when
> the file already exists? Doesn't seem to from my quick standalone test with a
> simple C program. Maybe this ought to call chmod as well for existing installations.

Oh, upstream seems to call unlink() first, so this will always create a new file
and so the umask will be taken into account. So no need for a chmod call there
afaics, sorry for the noise.

Cheers,
Emilio

> 
>> we should really patch also jessie, stretch and sid, right?
> 
> Yep, that'd be good. Currently this vulnerability is marked as no-dsa for
> stretch and jessie, so the security team may prefer that you fix this via a
> point release update, but please check with them. No excuse for not fixing this
> in sid though. :)
> 
> Cheers,
> Emilio
> 


Reply to: