Re: Bug#631912: pidfile in /tmp, opened insecurely [CVE-2011-2765]
On Sat, 2011-09-03 at 00:07 +0100, Jonathan Wiltshire wrote:
> On Wed, Aug 24, 2011 at 08:03:16PM +0100, Adam D. Barratt wrote:
> > On Wed, 2011-08-24 at 14:32 -0400, Obey Arthur Liu wrote:
> > > On Wed, Aug 24, 2011 at 5:27 AM, Jonathan Wiltshire <jmw@debian.org> wrote:
> > Thanks for working on this. A couple of comments:
> >
> > +pyro (3.7-2+lenny1) oldstable-security; urgency=high
> >
> > Please drop the -security from NEWS and changelog in both cases.
> >
> > > No adaptation was necessary from sid.
> >
> > In that case, either I'm missing something or the change is likely also
> > buggy in sid. Specifcially:
> >
> > -PYRO_PID=/var/run/pyro-nsd.pid
> > [...]
> > status)
> > [...]
> > if [ -f "$PYRO_PID" ]; then
>
> Any progress on this?
Ping?
Regards,
Adam
Reply to: