Bug#737251: pu: package localepurge/0.6.2+nmu1+squeeze1

["Adam D. Barratt" <adam@adam-barratt.org.uk>]

Control: tags -1 + pending

On Fri, 2014-01-31 at 22:58 +0100, Niels Thykier wrote:
> On 2014-01-31 22:21, Adam D. Barratt wrote:
> > On Fri, 2014-01-31 at 20:45 +0100, Niels Thykier wrote:
> >> I would like to fix #736359 / CVE-2014-1638 in Squeeze.  According to
> >> the security tracker, the security team has classified the bug as
> >> "minor" and declared it does not need a DSA[1].
> >>
> >> The problem is that localepurge would create tmp files in an unsafe
> >> way.  This allows a local user to have root destroy arbitrary files on the
> >> system (via a race-condition) during upgrades and purge of localepurge.
> > 
> > Please go ahead; thanks.
[...]
> Uploaded, thanks.

Flagged for acceptance.

Regards,

Adam