Re: Bug#631912: pidfile in /tmp, opened insecurely [CVE-2011-2765]
On Thu, 2012-01-12 at 21:35 +0000, Adam D. Barratt wrote:
> On Sat, 2011-09-03 at 00:07 +0100, Jonathan Wiltshire wrote:
> > On Wed, Aug 24, 2011 at 08:03:16PM +0100, Adam D. Barratt wrote:
> > > On Wed, 2011-08-24 at 14:32 -0400, Obey Arthur Liu wrote:
> > > > On Wed, Aug 24, 2011 at 5:27 AM, Jonathan Wiltshire <jmw@debian.org> wrote:
> > > Thanks for working on this. A couple of comments:
> > >
> > > +pyro (3.7-2+lenny1) oldstable-security; urgency=high
> > >
> > > Please drop the -security from NEWS and changelog in both cases.
> > >
> > > > No adaptation was necessary from sid.
> > >
> > > In that case, either I'm missing something or the change is likely also
> > > buggy in sid. Specifcially:
> > >
> > > -PYRO_PID=/var/run/pyro-nsd.pid
> > > [...]
> > > status)
> > > [...]
> > > if [ -f "$PYRO_PID" ]; then
> >
> > Any progress on this?
>
> Ping?
Re-ping.
Regards,
Adam
Reply to: