[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: util-linux for sarge

On Fri, Mar 25, 2005 at 05:16:14PM -0800, Steve Langasek wrote:
> Additional con:
>  - depends on a newer version of e2fsprogs than we currently have in
> testing, which requires updating roughly a half dozen frozen libraries
> Hrm, this looks like a bug in libblkid1 to me, since the shlibs were not
> updated when the new public functions were added...

There is a security vulnerability caused by mount using the older
version of libblkid1, which didn't verify that euid=uid before blindly
using an environment variable for a file name...

One might argue that this is sufficient reason to bump the soname, but
sid and hoary are the only users of that function in that manner (inside

An alternative that is less invasive to sarge would be to drop libblkid1
support from a t-p-u upload.


Reply to: