Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador <firstname.lastname@example.org> was heard to say:
> Daniel Burrows <email@example.com> writes:
> > On Wed, May 28, 2008 at 02:27:55PM +0000, Debian Bug Tracking System <firstname.lastname@example.org> was heard to say:
> >> Changes:
> >> apt (0.7.14) unstable; urgency=low
> > [snip]
> >> [ Otavio Salvador ]
> >> * Apply patch to avoid truncating of arbitrary files. Thanks to Bryan
> >> Donlan <email@example.com> for the patch. Closes: #482476
> > Should this be urgency=high? (as per the devref section 220.127.116.11)
> Daniel, would you mind to contact security-team and prepare an upload too?
I'll take care of it when I get back from work this evening, if no-one
beats me to it.