Bug#652107: pu: package libpar-packer-perl/1.006-1 and libpar-perl/1.000-1



On Mon, Dec 26, 2011 at 10:36:52PM +0000, Adam D. Barratt wrote:
> tag 652107 - moreinfo + confirmed
> thanks
> 
> On 18.12.2011 22:12, Salvatore Bonaccorso wrote:
> >Hey Adam
> >
> >On Sun, Dec 18, 2011 at 02:50:49PM +0000, Adam D. Barratt wrote:
> >>tag 652107 + squeeze moreinfo
> >>thanks
> >>
> >>On Wed, 2011-12-14 at 22:12 +0100, Salvatore Bonaccorso wrote:
> >>> libpar-packer-perl 1.006-1 and libpar-perl 1.000-1 in Squeeze are
> >>> affected by CVE-2011-4114: "PAR packed files are extracted to unsafe
> >>> and predictable temporary directories.".
> [...]
> >>It wasn't entirely clear from your mail, but have the packages with the
> >>patches applied been tested on squeeze?
> >
> >Yes, I have now tested the packages on Squeeze. The build already contains
> >some tests, which all pass; furthermore I did some testing with a par
> >file, and the pp utility. They now detect an unsafe directory
> >in /tmp if I create these manually with unsafe permissions.
> 
> Please go ahead; sorry for the delay.

No problem, I just wondered. Thanks Adam; I just uploaded the two.

Regards
Salvatore
