Re: Bug#631912: pidfile in /tmp, opened insecurely [CVE-2011-2765]

To: Jonathan Wiltshire <jmw@debian.org>
Cc: Obey Arthur Liu <arthur@milliways.fr>, debian-release@lists.debian.org, Luke Faraone <lfaraone@debian.org>, Gustavo Goretkin <gustavo.goretkin@gmail.com>
Subject: Re: Bug#631912: pidfile in /tmp, opened insecurely [CVE-2011-2765]
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Thu, 12 Jan 2012 21:35:53 +0000
Message-id: <[🔎] 1326404153.22747.21.camel@jacala.jungle.funky-badger.org>
In-reply-to: <20110902230722.GB9765@lupin.home.powdarrmonkey.net>
References: <20110824092711.30739.58899.reportbug@lupin> <4E5543B5.9050908@milliways.fr> <1314212597.24278.5.camel@hathi.jungle.funky-badger.org> <20110902230722.GB9765@lupin.home.powdarrmonkey.net>

On Sat, 2011-09-03 at 00:07 +0100, Jonathan Wiltshire wrote:
> On Wed, Aug 24, 2011 at 08:03:16PM +0100, Adam D. Barratt wrote:
> > On Wed, 2011-08-24 at 14:32 -0400, Obey Arthur Liu wrote:
> > > On Wed, Aug 24, 2011 at 5:27 AM, Jonathan Wiltshire <jmw@debian.org> wrote:
> > Thanks for working on this.  A couple of comments:
> > 
> > +pyro (3.7-2+lenny1) oldstable-security; urgency=high
> > 
> > Please drop the -security from NEWS and changelog in both cases.
> > 
> > > No adaptation was necessary from sid.
> > 
> > In that case, either I'm missing something or the change is likely also
> > buggy in sid.  Specifcially:
> > 
> > -PYRO_PID=/var/run/pyro-nsd.pid
> > [...]
> >     status)
> > [...]
> >             if [ -f "$PYRO_PID" ]; then
> 
> Any progress on this?

Ping?

Regards,

Adam

Reply to:

Prev by Date: Re: Bugfix for #646434 in Squeeze?
Next by Date: Bug#630251: patch for proposed updates / rdesktop sometimes fails to transfer files from win2k8
Previous by thread: Re: Bugfix for #646434 in Squeeze?
Next by thread: Bug#630251: patch for proposed updates / rdesktop sometimes fails to transfer files from win2k8
Index(es):
- Date
- Thread