Hey Adam
On Sun, Dec 18, 2011 at 02:50:49PM +0000, Adam D. Barratt wrote:
tag 652107 + squeeze moreinfo
thanks
On Wed, 2011-12-14 at 22:12 +0100, Salvatore Bonaccorso wrote:
> libpar-packer-perl 1.006-1 and libpar-perl 1.000-1 in Squeeze are
> affected by CVE-2011-4114: "PAR packed files are extracted to
unsafe
> and predictable temporary directories.".
It wasn't entirely clear from your mail, but have the packages with
the
patches applied been tested on squeeze?
Yes, now I tested the packages on Squeeze. The build already contains
some tests, which all pass, furthermore I did some testing with a par
file, and the pp utility. They behave now detecting unsafe directory
in /tmp if I create these manually with unsafe permissions.