Bug#637384: pu: package lintian/2.4.3+squeeze1
tag 637384 + confirmed
thanks
On Fri, 2011-08-12 at 10:09 +0200, Niels Thykier wrote:
> On 2011-08-11 19:51, Adam D. Barratt wrote:
> > On Wed, 2011-08-10 at 21:04 +0200, Niels Thykier wrote:
> >> I would like permission to backport the following security
> >> related patch to Lintian in stable. The security team has
> >> already told me that they were not interested in a security
> >> upload.
> >
> > I'm not surprised tbh, assuming that the issue indeed only allows file
> > existence testing, rather than content retrieval.
>
> As far as I can tell, there is no way to exploit the particular checks
> here to do content retrieval.
Cool.
> >> + + [NT] Fixed information disclosure issue, where Lintian could
> >> + be tricked into disclosing the present of files on the host
> >
> > As per other people's IRC poking - and the patch header :-) -
> > s/present/presence/.
[...]
> Fixed this one :)
Ta.
> >> +So far as it is copyrightable at all, this test case is
> >> + Copyright © 2009 Russ Allbery <rra@debian.org>
> >> + Copyright © 2009 Adam D. Barratt <adam@adam-barratt.org.uk>
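Review bot: the copyright lines in this test-case header give 2009 and name Russ Allbery and Adam D. Barratt as holders, while the changelog entry for this fix is tagged [NT]. If the test case was written for this change, the header should carry its actual author and year instead of the attribution from the test it was copied from.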
> >
> > Hmmm, interesting...
> >
> Copy/waste from another test... I can fix it if you insist, but most of
> the tests in 2.4.3..2.5.1 suffer from the same issue.
Nah, I just forgot there were any test cases that I'd actually bothered
doing that with.
Please feel free to upload.
Regards,
Adam