
[SRM] bzip2 update



Hi,
I'd like to fix CVE-2011-4089 for the next point update.
debdiff below.

Cheers,
        Moritz

diff -u bzip2-1.0.5/bzexe bzip2-1.0.5/bzexe
--- bzip2-1.0.5/bzexe
+++ bzip2-1.0.5/bzexe
@@ -125,7 +125,7 @@
   umask $umask
   /bin/chmod 700 $tmpfile
   prog="`echo $0 | /bin/sed 's|^.*/||'`"
-  if /bin/ln $tmpfile "/tmp/$prog" 2>/dev/null; then
+  if /bin/ln -T $tmpfile "/tmp/$prog" 2>/dev/null; then
     trap '/bin/rm -f $tmpfile "/tmp/$prog"; exit $res' 0
     (/bin/sleep 5; /bin/rm -f $tmpfile "/tmp/$prog") 2>/dev/null &
     /tmp/"$prog" ${1+"$@"}; res=$?
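Review bot: The link name on the changed `/bin/ln -T` line is still the predictable `/tmp/$prog`, and the last line of this hunk executes that path. `-T` only stops ln from treating an existing directory at that path as the place to put the link, so the check depends on ln failing whenever anything already exists under that name. Consider creating the link inside a private directory (for example one made with `mktemp -d`) and running it from there, which removes the shared-/tmp name entirely. `$tmpfile` is also unquoted on the `ln`, `chmod` and `rm` lines and should be quoted. Note that `-T` is a GNU coreutils option, so a comment saying so would help anyone carrying this patch to another system.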
diff -u bzip2-1.0.5/debian/changelog bzip2-1.0.5/debian/changelog
--- bzip2-1.0.5/debian/changelog
+++ bzip2-1.0.5/debian/changelog
@@ -1,3 +1,10 @@
+bzip2 (1.0.5-6+squeeze1) stable; urgency=low
+
+  * Non-maintainer upload by the Security Team
+  * Fix CVE-2011-4089, thanks to vladz (Closes: #632862)
+
+ -- Moritz Muehlenhoff <jmm@debian.org>  Mon, 26 Dec 2011 11:39:27 +0000
+
 bzip2 (1.0.5-6) unstable; urgency=high
 
   * Fix integer overflow 
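Review bot: The new changelog entry says only "Fix CVE-2011-4089" and does not say what changed. Since the code change is a single option added to the `ln` call in bzexe, the entry should name the file and the behaviour, for example that bzexe now passes `-T` to ln when linking the temporary file to `/tmp/$prog`, so someone reading the changelog for the point update can tell what was touched without opening the debdiff.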

