Re: Proposed patch to aptitude in stable to fix a low-impact security bug

To: Daniel Burrows <dburrows@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: Proposed patch to aptitude in stable to fix a low-impact security bug
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Mon, 25 Apr 2011 16:55:48 +0100
Message-id: <[🔎] 1303746948.3323.5704.camel@hathi.jungle.funky-badger.org>
In-reply-to: <[🔎] 1302125204.22008.896.camel@hathi.jungle.funky-badger.org>
References: <[🔎] 20110403144433.GB6093@windrider.lan> <[🔎] 1302125204.22008.896.camel@hathi.jungle.funky-badger.org>

Hi,

On Wed, 2011-04-06 at 22:26 +0100, Adam D. Barratt wrote:
> On Sun, 2011-04-03 at 07:44 -0700, Daniel Burrows wrote: 
> > The version of aptitude in stable contains a security bug that could
> > theoretically allow a symlink attack in /tmp.
[...]
> Thanks.  That does seem a rather narrow attack vector. :-)
> Nevertheless, assuming the patch has been tested in a squeeze
> environment and there aren't any other changes involved, please feel
> free to upload 0.6.3-3.2+squeeze1 to stable adding that patch.
> 
> If the same patch also applies to oldstable and has been tested there,
> then uploading an updated package for lenny would also be okay.

Any news on either of the uploads?

Regards,

Adam

Reply to:

References:
- Proposed patch to aptitude in stable to fix a low-impact security bug
  - From: Daniel Burrows <dburrows@debian.org>
- Re: Proposed patch to aptitude in stable to fix a low-impact security bug
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: v86d 0.1.10 for Squeeze?
Next by Date: Re: [SRM] kvirc 4:4.0.4-1 for stable-proposed-updates [2nd attempt]
Previous by thread: Re: Proposed patch to aptitude in stable to fix a low-impact security bug
Next by thread: v86d 0.1.10 for Squeeze?
Index(es):
- Date
- Thread