[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#659296: Comments on the 0.4.1-6 upload

Vasudev Kamath asked me to include this information in the bug report.

From: Florian Weimer <fw@deneb.enyo.de>
Subject: Re: Accepted surf 0.4.1-6 (source i386)
To: Vasudev Kamath <kamathvasudev@gmail.com>
Date: Fri, 10 Feb 2012 23:18:36 +0100
Message-ID: <87vcnemiwz.fsf@mid.deneb.enyo.de>

* Vasudev Kamath:

>  surf (0.4.1-6) unstable; urgency=high
>  .
>    * QA upload.
>    * debian/patches:
>      + Added fix-insecure-permissions.patch to fix world readable cookie jar
>        vulnerability CVE-2012-0842. (Closes: #659296)

-               g_mkdir_with_parents(apath, 0755);
+               g_mkdir_with_parents(apath, 0700);

I think you should also downgrade the permissions from 0755 if the
directory exists (in case we want to keep the package alive, which I doubt).

[Addendum: It is sufficient to do this with just one component of the

Reply to: