[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#631912: pidfile in /tmp, opened insecurely [CVE-2011-2765]



On Wed, 2011-08-24 at 14:32 -0400, Obey Arthur Liu wrote:
> On Wed, Aug 24, 2011 at 5:27 AM, Jonathan Wiltshire <jmw@debian.org> wrote:
> > Please prepare a minimal-changes upload targetting each of these suites,
> > and submit a debdiff to the Release Team [0] for consideration. They will
> > offer additional guidance or instruct you to upload your package.
> 
> Please find attached the debdiffs for lenny and squeeze.

Thanks for working on this.  A couple of comments:

+pyro (3.7-2+lenny1) oldstable-security; urgency=high

Please drop the -security from NEWS and changelog in both cases.

> No adaptation was necessary from sid.

In that case, either I'm missing something or the change is likely also
buggy in sid.  Specifcially:

-PYRO_PID=/var/run/pyro-nsd.pid
[...]
    status)
[...]
            if [ -f "$PYRO_PID" ]; then

Regards,

Adam


Reply to: