Re: Bug#631912: pidfile in /tmp, opened insecurely [CVE-2011-2765]
On Wed, 2011-08-24 at 14:32 -0400, Obey Arthur Liu wrote:
> On Wed, Aug 24, 2011 at 5:27 AM, Jonathan Wiltshire <jmw@debian.org> wrote:
> > Please prepare a minimal-changes upload targeting each of these suites,
> > and submit a debdiff to the Release Team [0] for consideration. They will
> > offer additional guidance or instruct you to upload your package.
>
> Please find attached the debdiffs for lenny and squeeze.
Thanks for working on this. A couple of comments:
+pyro (3.7-2+lenny1) oldstable-security; urgency=high
Please drop the -security from NEWS and changelog in both cases.
> No adaptation was necessary from sid.
In that case, either I'm missing something or the change is likely also
buggy in sid. Specifically:
-PYRO_PID=/var/run/pyro-nsd.pid
[...]
status)
[...]
if [ -f "$PYRO_PID" ]; then
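Review bot: the status) branch still tests "$PYRO_PID" although the PYRO_PID=/var/run/pyro-nsd.pid assignment is removed, and no replacement definition appears in the lines shown. If the variable ends up unset, [ -f "$PYRO_PID" ] expands to [ -f "" ], which is always false, so status would report the daemon as not running regardless of its real state. Either keep a PYRO_PID assignment pointing at the pidfile location the daemon now uses, or change the status check to read that location directly.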
Regards,
Adam