Hi,
I have just uploaded a few packages meant for lenny.
glib2.0 (2.16.6-3) stable; urgency=low
.
* SECURITY: 13_permissions_CVE-2009-3289.patch:
+ The g_file_copy function in glib 2.0 sets the permissions of a
target file to the permissions of a symbolic link (777), which
allows user-assisted local users to modify files of other users,
as demonstrated by using Nautilus to modify the permissions of the
user home directory.
+ Concatenation of 3 upstream patches, fixes CVE-2009-3289.
I was warned of this one by the security tracker. It doesn’t affect
nautilus in lenny but might affect other applications using g_file_copy.
totem (2.22.2-6) stable; urgency=low
.
* 30_fix_youtube_plugin.patch: update patch according to recent
upstream changes. This matches the change on the server side and
makes the plugin functional again.
Youtube changed again its interface (statistically it happens once a
year), so the package needs a matching change as well. It’s just a
changed regexp, I also added an escaping fix.
Note that for squeeze, it would be better if that plugin could be
handled through volatile, but currently it is shipped in the same
tarball as the rest of totem. How do you think this should be done?
gnome-system-tools (2.22.0-4) stable; urgency=low
.
* Backport a pair of RC bug fixes.
+ 26_users_home_dir.patch: patch from Ubuntu to allow changing root
properties without making /home/root the new home directory.
Closes: #488252.
+ 85_users_fix_add_group.patch: patch from Ubuntu to always allow to
create groups. Closes: #488249.
These are two nasty bugs, fixed in unstable a while ago.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `' “I recommend you to learn English in hope that you in
`- future understand things” -- Jörg Schilling
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=