Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador <otavio@debian.org> was heard to say:
> Daniel Burrows <dburrows@debian.org> writes:
>
> > On Wed, May 28, 2008 at 02:27:55PM +0000, Debian Bug Tracking System <owner@bugs.debian.org> was heard to say:
> >> Changes:
> >> apt (0.7.14) unstable; urgency=low
> >
> > [snip]
> >
> >> [ Otavio Salvador ]
> >> * Apply patch to avoid truncating of arbitrary files. Thanks to Bryan
> >> Donlan <bdonlan@fushizen.net> for the patch. Closes: #482476
> >
> > Should this be urgency=high? (as per the devref section 5.8.5.3)
>
> Daniel, would you mind to contact security-team and prepare an upload too?
I'll take care of it when I get back from work this evening, if no-one
beats me to it.
Daniel
Reply to: