Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
On Thu, May 29, 2008 at 07:52:38AM -0700, Daniel Burrows <dburrows@debian.org> was heard to say:
> On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador <otavio@debian.org> was heard to say:
> > Daniel Burrows <dburrows@debian.org> writes:
> >
> > > On Wed, May 28, 2008 at 02:27:55PM +0000, Debian Bug Tracking System <owner@bugs.debian.org> was heard to say:
> > >> Changes:
> > >> apt (0.7.14) unstable; urgency=low
> > >
> > > [snip]
> > >
> > >> [ Otavio Salvador ]
> > >> * Apply patch to avoid truncating of arbitrary files. Thanks to Bryan
> > >> Donlan <bdonlan@fushizen.net> for the patch. Closes: #482476
> > >
> > > Should this be urgency=high? (as per the devref section 5.8.5.3)
> >
> > Daniel, would you mind contacting security-team and preparing an upload too?
>
> I'll take care of it when I get back from work this evening, if no-one
> beats me to it.

Is there an apt bzr tree that I should be working from? (for now I'll
just assume not, and work off the previous source)

Daniel