Re: Permission to upload geordi 0:20080725T0146-1+lenny1?

To: Chris Lamb <lamby@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: Permission to upload geordi 0:20080725T0146-1+lenny1?
From: Luk Claes <luk@debian.org>
Date: Thu, 29 Jan 2009 07:29:03 +0100
Message-id: <[🔎] 49814CAF.5000909@debian.org>
In-reply-to: <[🔎] 20090128224221.29dcbbf1@sakaki.chris-lamb.co.uk>
References: <[🔎] 20090128224221.29dcbbf1@sakaki.chris-lamb.co.uk>

Chris Lamb wrote:
> Hi -release,
> 
> I would like to upload geordi 0:20080725T0146-1+lenny1 to t-p-u to fix a
> DoS issue. The relevant changelog entry is:
> 
>  geordi (0:20080725T0146-1+lenny1) testing-proposed-updates; urgency=low
> 
>    * Ignore (rather than allow) fcntl system call to prevent a DoS. Upstream
>      writes:
> 
>        By using fcntl with F_SETOWN to make the geordi process the owner of
>        its stdout and then using fcntl again to set O_ASYNC on stdout, the
>        C++ program could have the geordi process receive SIGIO, causing it
>        to shut down.
> 
>        We only allowed fcntl because g++ appeared to need it. Upon closer
>        inspection, it turns out g++ only uses it to check some flags on the
>        precompiled header fd, and the system call can just be ignored
>        altogether.
> 
>      Patch backported from upstream darcs repository.
> 
> The debdiff is attached to this mail. I will be making the parallel change
> to sid's version this evening.

Ok, please upload.

Cheers

Luk

Reply to:

References:
- Permission to upload geordi 0:20080725T0146-1+lenny1?
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Re: Please unblock mono 1.9.1+dfsg-6
Next by Date: 'trustedqsl' still removed from testing due to #511509
Previous by thread: Permission to upload geordi 0:20080725T0146-1+lenny1?
Next by thread: new upstream gEDA bug fix release
Index(es):
- Date
- Thread