
Re: util-linux for sarge



On Fri, Mar 25, 2005 at 05:16:14PM -0800, Steve Langasek wrote:
> Additional con:
>  - depends on a newer version of e2fsprogs than we currently have in
> testing, which requires updating roughly a half dozen frozen libraries
> Hrm, this looks like a bug in libblkid1 to me, since the shlibs were not
> updated when the new public functions were added...

There is a security vulnerability caused by mount using the older
version of libblkid1, which didn't verify that euid=uid before blindly
using an environment variable for a file name...

One might argue that this is sufficient reason to bump the soname, but
sid and hoary are the only users of that function in that manner (inside
mount).

An alternative that is less invasive to sarge would be to drop libblkid1
support from a t-p-u upload.

lamont
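
The check described in the message above (compare real and effective ids before trusting an environment variable for a file name), as an added example that is not part of the original mail and is not libblkid's own code. The variable name `EXAMPLE_CACHE_FILE` and the default path are hypothetical placeholders, and the sketch also compares group ids, which goes beyond the uid check the message mentions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names, chosen for this example only. */
#define CACHE_ENV_NAME "EXAMPLE_CACHE_FILE"
#define CACHE_DEFAULT  "/etc/example-cache.tab"

/* Returns 1 when the process runs with ids that differ from the caller's
 * (set-uid or set-gid binary). In that case the environment was supplied
 * by a less-privileged user and must not steer file access. */
int ids_are_elevated(uid_t uid, uid_t euid, gid_t gid, gid_t egid)
{
    return uid != euid || gid != egid;
}

/* Decide which file name to use. The override is honoured only when the
 * process is not elevated and the variable is set and non-empty. */
const char *pick_cache_path(int elevated, const char *env_value)
{
    if (elevated || env_value == NULL || env_value[0] == '\0')
        return CACHE_DEFAULT;
    return env_value;
}

/* What a library entry point would call: the environment is not even
 * read when the ids differ. */
const char *cache_path(void)
{
    int elevated = ids_are_elevated(getuid(), geteuid(), getgid(), getegid());
    return pick_cache_path(elevated, elevated ? NULL : getenv(CACHE_ENV_NAME));
}

int main(void)
{
    printf("cache file: %s\n", cache_path());
    return 0;
}
```
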


