Bug#780900: unblock: ecryptfs-utils/103-4
Control: tags -1 moreinfo
On 2015-03-21 09:45, László Böszörményi (GCS) wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi Release Team,
>
> I've recently fixed CVE-2014-9687 [1] with the upload of
> ecryptfs-utils, which is a fix for a user security hole[2]. Please
> unblock and let it migrate to Jessie.
> Debfiff is attached as usual.
>
> Thanks,
> Laszlo/GCS
>
> unblock ecryptfs-utils/103-4
>
> [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9687
> [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780385
>
Hi,
Thanks for reporting this. Unfortunately, I do have a concern with one
of the changes.
* The function "static int read_v1_wrapped_passphrase_file":
- The documentation says it will return negatively on failure, but
AFAICT it will unconditionally return 0.
- I guess the last line should have been "return rc" rather than
"return 0".
Thanks,
~Niels
Reply to: