Bug#637384: pu: package lintian/2.4.3+squeeze1
tag 637384 + squeeze
thanks
On Wed, 2011-08-10 at 21:04 +0200, Niels Thykier wrote:
> I would like permission to backport the following security
> related patch to Lintian in stable. The security team has
> already told me that they were not interested in a security
> upload.
I'm not surprised tbh, assuming that the issue indeed only allows file
existence testing, rather than content retrieval.
> +lintian (2.4.3+squeeze1) stable; urgency=low
> +
> + * checks/debian-source-dir:
> + + [NT] Fixed information disclosure issue, where Lintian could
> + be tricked into disclosing the present of files on the host
As per other people's IRC poking - and the patch header :-) -
s/present/presence/.
> + system via specially crafted source packages.
[...]
> +So far as it is copyrightable at all, this test case is
> + Copyright © 2009 Russ Allbery <rra@debian.org>
> + Copyright © 2009 Adam D. Barratt <adam@adam-barratt.org.uk>
Hmmm, interesting...
Regards,
Adam
Reply to: