Bug#737239: pu: package localepurge/0.6.3+deb7u1

To: 737239@bugs.debian.org
Subject: Bug#737239: pu: package localepurge/0.6.3+deb7u1
From: Niels Thykier <niels@thykier.net>
Date: Fri, 31 Jan 2014 19:36:42 +0100
Message-id: <[🔎] 52EBED3A.6010504@thykier.net>
Reply-to: Niels Thykier <niels@thykier.net>, 737239@bugs.debian.org
In-reply-to: <[🔎] 1391192930.24075.7.camel@jacala.jungle.funky-badger.org>
References: <[🔎] 20140131180141.21358.64296.reportbug@mangetsu.thykier.net> <[🔎] 1391192930.24075.7.camel@jacala.jungle.funky-badger.org>

On 2014-01-31 19:28, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2014-01-31 at 19:01 +0100, Niels Thykier wrote:
>> I would like to fix #736359 / CVE-2014-1638 in Wheezy and Squeeze[0].
>> According to the security tracker, the security team has classified
>> the bug as "minor" and declared it does not need a DSA[1].
>>
>> The problem is that localepurge would create tmp files in an unsafe
>> way.  This allows a local user to have root destroy arbitrary files on the
>> system (via a race-condition) during upgrades and purge of localepurge.
> 
> Please go ahead; thanks. (Bearing in mind the impending window close for
> 7.4 this weekend.)
> 
> Regards,
> 
> Adam
> 
> 

Thank you, I have dput'ed the package to FTP.

~Niels

Reply to:

Follow-Ups:
- Bug#737239: pu: package localepurge/0.6.3+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#737239: pu: package localepurge/0.6.3+deb7u1
  - From: Niels Thykier <niels@thykier.net>
- Bug#737239: pu: package localepurge/0.6.3+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: NEW changes in stable-new
Next by Date: Bug#737244: transition: cyrus-sasl2
Previous by thread: Bug#737239: pu: package localepurge/0.6.3+deb7u1
Next by thread: Bug#737239: pu: package localepurge/0.6.3+deb7u1
Index(es):
- Date
- Thread