Bug#737239: pu: package localepurge/0.6.3+deb7u1
Control: tags -1 + pending
On Fri, 2014-01-31 at 19:36 +0100, Niels Thykier wrote:
> On 2014-01-31 19:28, Adam D. Barratt wrote:
> > On Fri, 2014-01-31 at 19:01 +0100, Niels Thykier wrote:
> >> I would like to fix #736359 / CVE-2014-1638 in Wheezy and Squeeze[0].
> >> According to the security tracker, the security team has classified
> >> the bug as "minor" and declared it does not need a DSA[1].
> >>
> >> The problem is that localepurge would create tmp files in an unsafe
> >> way. This allows a local user to have root destroy arbitrary files on the
> >> system (via a race-condition) during upgrades and purge of localepurge.
> >
> > Please go ahead; thanks. (Bearing in mind the impending window close for
> > 7.4 this weekend.)
[...]
> Thank you, I have dput'ed the package to FTP.
Flagged for acceptance; thanks.
Regards,
Adam
Reply to: