[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#637384: pu: package lintian/2.4.3+squeeze1

tag 637384 + squeeze
thanks

On Wed, 2011-08-10 at 21:04 +0200, Niels Thykier wrote:
> I would like permission to backport the following security
> related patch to Lintian in stable.  The security team has
> already told me that they were not interested in a security
> upload.

I'm not surprised tbh, assuming that the issue indeed only allows file
existence testing, rather than content retrieval.

> +lintian (2.4.3+squeeze1) stable; urgency=low
> +
> +  * checks/debian-source-dir:
> +    + [NT] Fixed information disclosure issue, where Lintian could
> +      be tricked into disclosing the present of files on the host

As per other people's IRC poking - and the patch header :-) -
s/present/presence/.

> +      system via specially crafted source packages.
[...]
> +So far as it is copyrightable at all, this test case is
> +   Copyright © 2009 Russ Allbery <rra@debian.org>
> +   Copyright © 2009 Adam D. Barratt <adam@adam-barratt.org.uk>

Hmmm, interesting...

Regards,

Adam
Reply to: