Bug#737251: pu: package localepurge/0.6.2+nmu1+squeeze1
Control: tags -1 + confirmed
On Fri, 2014-01-31 at 20:45 +0100, Niels Thykier wrote:
> I would like to fix #736359 / CVE-2014-1638 in Squeeze. According to
> the security tracker, the security team has classified the bug as
> "minor" and declared it does not need a DSA[1].
>
> The problem is that localepurge would create tmp files in an unsafe
> way. This allows a local user to have root destroy arbitrary files on the
> system (via a race-condition) during upgrades and purge of localepurge.
Please go ahead; thanks.
Regards,
Adam
Reply to: