Bug#652107: pu: package libpar-packer-perl/1.006-1 and libpar-perl/1.000-1
tag 652107 + squeeze moreinfo
thanks
On Wed, 2011-12-14 at 22:12 +0100, Salvatore Bonaccorso wrote:
> libpar-packer-perl 1.006-1 and libpar-perl 1.000-1 in Squeeze are
> affected by CVE-2011-4114: "PAR packed files are extracted to unsafe
> and predictable temporary directories.".
[...]
> The debdiffs I would propose are attached. I have one further
> question, would you accept addition of these patches (adapted) [3] and
> [4]?
>
> [3] http://search.cpan.org/diff?from=PAR-Packer-1.011&to=PAR-Packer-1.012&w=1
> [4] http://search.cpan.org/diff?from=PAR-1.004&to=PAR-1.005&w=1
Yes, those patches should be okay to include. I'd like to see final
debdiffs before giving a final ACK though.
It wasn't entirely clear from your mail, but have the packages with the
patches applied been tested on squeeze?
Regards,
Adam
Reply to: