--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: opu: package mksh/28.0-2
- From: Thorsten Glaser <tg@mirbsd.de>
- Date: Wed, 07 Oct 2009 16:14:54 +0000
- Message-id: <20091007161454.9167.40267.reportbug@www.freewrt.org>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: opu
Fix CVE-2008-1845. History:
I prepared a package with the fix backported and sent it to
the security team. I was told that it is not severe enough
to warrant a DSA. I responded that I agree but it should still
be updated. Now I see on the QA page that I "should fix it".
This is why I dug out the old .dsc (debdiff attached) and now
would like to request that someone upload this (I'm only a DM,
not a DD).
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
diff -Nru /tmp/kByzvWMkp5/mksh-28.0/debian/changelog /tmp/ptjKC8eoqk/mksh-28.0/debian/changelog
- --- /tmp/kByzvWMkp5/mksh-28.0/debian/changelog 2009-10-07 18:08:16.000000000 +0200
+++ /tmp/ptjKC8eoqk/mksh-28.0/debian/changelog 2009-10-07 18:08:17.000000000 +0200
@@ -1,3 +1,10 @@
+mksh (28.0-3) unstable; urgency=high
+
+ * Fix CVE-2008-1845 (unauthenticated local privilege escalation)
+ using upstream-provided diff
+
+ -- Thorsten Glaser <tg@mirbsd.de> Thu, 17 Apr 2008 21:55:05 +0000
+
mksh (28.0-2) unstable; urgency=low
* Fix unaligned memory access on IA-64 (same fix was applied
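Review bot: The new 28.0-3 changelog entry names "unstable" as its distribution, while this request is filed with Usertags: opu against release.debian.org, so the target suite and the version string should be confirmed before upload. The trailer date is also Thu, 17 Apr 2008 although the debdiff files are stamped 2009-10-07; if the entry is being uploaded now, regenerate the trailer. The entry text would be more useful if it named what changed (the added tcflush call in misc.c) rather than only "using upstream-provided diff".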
diff -Nru /tmp/kByzvWMkp5/mksh-28.0/misc.c /tmp/ptjKC8eoqk/mksh-28.0/misc.c
- --- /tmp/kByzvWMkp5/mksh-28.0/misc.c 2006-08-24 22:33:16.000000000 +0200
+++ /tmp/ptjKC8eoqk/mksh-28.0/misc.c 2009-10-07 18:08:17.000000000 +0200
@@ -1437,6 +1437,8 @@
return "setsid";
if (ioctl(fd, TIOCSCTTY, NULL) == -1)
return "ioctl";
+ if (tcflush(fd, TCIOFLUSH))
+ return "tcflush";
dup2(fd, 0);
dup2(fd, 1);
dup2(fd, 2);
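Review bot: The added tcflush(fd, TCIOFLUSH) check between the TIOCSCTTY ioctl and the dup2() calls carries no comment, and since it is the entire code change for CVE-2008-1845 it deserves one line saying that it discards whatever is already queued on the terminal before fd becomes stdin, stdout and stderr, so it is not later removed as redundant. The test is written as "if (tcflush(fd, TCIOFLUSH))" while the ioctl check directly above compares "== -1"; matching that form would keep the error handling uniform. The hunk does not show whether misc.c already includes <termios.h> for tcflush and TCIOFLUSH, so please confirm the declaration is in scope on all build targets.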
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MirBSD)
-----END PGP SIGNATURE-----
--- End Message ---