[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#737251: pu: package localepurge/0.6.2+nmu1+squeeze1

On 2014-01-31 22:21, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Fri, 2014-01-31 at 20:45 +0100, Niels Thykier wrote:
>> I would like to fix #736359 / CVE-2014-1638 in Squeeze.  According to
>> the security tracker, the security team has classified the bug as
>> "minor" and declared it does not need a DSA[1].
>>
>> The problem is that localepurge would create tmp files in an unsafe
>> way.  This allows a local user to have root destroy arbitrary files on the
>> system (via a race-condition) during upgrades and purge of localepurge.
> 
> Please go ahead; thanks.
> 
> Regards,
> 
> Adam
> 
> 

Uploaded, thanks.

~Niels
Reply to: