Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

To: deity@lists.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
From: Daniel Burrows <dburrows@debian.org>
Date: Thu, 29 May 2008 07:52:38 -0700
Message-id: <[🔎] 20080529145238.GA13152@alpaca>
Mail-followup-to: deity@lists.debian.org, debian-release@lists.debian.org
In-reply-to: <[🔎] 87ej7lb7dr.fsf@neumann.lab.ossystems.com.br>
References: <E1K1ME9-0001BD-Tz@ries.debian.org> <20080523031907.20213.33086.reportbug@satoko.is.fushizen.net> <handler.482476.D482476.121198463427731.ackdone@bugs.debian.org> <[🔎] 20080529025853.GA4947@alpaca> <[🔎] 87ej7lb7dr.fsf@neumann.lab.ossystems.com.br>

On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador <otavio@debian.org> was heard to say:
> Daniel Burrows <dburrows@debian.org> writes:
> 
> > On Wed, May 28, 2008 at 02:27:55PM +0000, Debian Bug Tracking System <owner@bugs.debian.org> was heard to say:
> >> Changes: 
> >>  apt (0.7.14) unstable; urgency=low
> >
> >   [snip]
> >
> >>    [ Otavio Salvador ]
> >>    * Apply patch to avoid truncating of arbitrary files. Thanks to Bryan
> >>      Donlan <bdonlan@fushizen.net> for the patch. Closes: #482476
> >
> >   Should this be urgency=high?  (as per the devref section 5.8.5.3)
> 
> Daniel, would you mind to contact security-team and prepare an upload too?

  I'll take care of it when I get back from work this evening, if no-one
beats me to it.

  Daniel

Reply to:

Follow-Ups:
- Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: Daniel Burrows <dburrows@debian.org>

References:
- Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: Daniel Burrows <dburrows@debian.org>
- Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: Otavio Salvador <otavio@debian.org>

Prev by Date: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
Next by Date: Re: RFC: expat transition or update - before or after lenny?
Previous by thread: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
Next by thread: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
Index(es):
- Date
- Thread