Please allow emacs-jabber 0.7.91-2 to testing
Hi,
emacs-jabber 0.7.91-2 fixes a serious security problem reported in
Bug#496428. Please allow installing the update to lenny.
Here is the complete diff between 0.7.91-1 (currently in testing) and
0.7.91-2 (uploaded to unstable):
diff -ru emacs-jabber-0.7.91-1/debian/changelog emacs-jabber-0.7.91-2/debian/changelog
--- emacs-jabber-0.7.91-1/debian/changelog 2008-05-31 09:50:59.000000000 +0200
+++ emacs-jabber-0.7.91-2/debian/changelog 2008-08-26 15:42:41.000000000 +0200
@@ -1,3 +1,11 @@
+emacs-jabber (0.7.91-2) unstable; urgency=high
+
+ * Don't create the compilation log file in an insecure directory.
+ This fixes possible symlink attack reported as bug #496428.
+ Closes: #496428.
+
+ -- Milan Zamazal <pdm@debian.org> Tue, 26 Aug 2008 13:10:01 +0200
+
emacs-jabber (0.7.91-1) unstable; urgency=low
* New upstream (pretest) version.
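Review bot: The new entry says the log is no longer created "in an insecure directory" but names neither the old location nor the new one. Going by the install-script change, the old file was /tmp/${PACKAGE}.log and the new one is compilation.log in the byte-compile directory. Stating both in the entry would let an administrator find the log after the upgrade and recognise a stale file left in /tmp by earlier versions.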
diff -ru emacs-jabber-0.7.91-1/debian/emacs-jabber.emacsen-install emacs-jabber-0.7.91-2/debian/emacs-jabber.emacsen-install
--- emacs-jabber-0.7.91-1/debian/emacs-jabber.emacsen-install 2008-05-31 09:47:31.000000000 +0200
+++ emacs-jabber-0.7.91-2/debian/emacs-jabber.emacsen-install 2008-08-26 15:42:47.000000000 +0200
@@ -21,7 +21,7 @@
# Byte compile them
cd ${ELC_DIR}
- ${FLAVOR} -q --no-site-file --batch --eval "(setq load-path (cons \"${ELC_DIR}\" load-path))" -f batch-byte-compile *.el >>/tmp/${PACKAGE}.log 2>&1 || true
+ ${FLAVOR} -q --no-site-file --batch --eval "(setq load-path (cons \"${ELC_DIR}\" load-path))" -f batch-byte-compile *.el >compilation.log 2>&1 || true
# remove the redundant .el files
# presumes that any .el files in the <flavor> dir are trash.
rm ${ELC_DIR}/*.el
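Review bot: The new redirect target, compilation.log, is a relative path, so it only lands in the package's own directory if the cd ${ELC_DIR} on the context line above succeeded. Nothing visible in this hunk checks that; unless the script runs under set -e, a failed cd would write the log into whatever the current directory happens to be. Either guard the cd (cd "${ELC_DIR}" || exit 1) or redirect to "${ELC_DIR}/compilation.log" explicitly. Two smaller points on the same line: the switch from >> to > means each run now overwrites the previous log, which is worth a comment if that is intended, and the trailing || true still hides byte-compile failures, so this log is the only record of them.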
Regards,
Milan Zamazal