Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

To: deity@lists.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
From: Daniel Burrows <dburrows@debian.org>
Date: Thu, 29 May 2008 20:42:56 -0700
Message-id: <[🔎] 20080530034256.GC13871@alpaca>
Mail-followup-to: deity@lists.debian.org, debian-release@lists.debian.org
In-reply-to: <[🔎] 20080529145238.GA13152@alpaca>
References: <E1K1ME9-0001BD-Tz@ries.debian.org> <20080523031907.20213.33086.reportbug@satoko.is.fushizen.net> <[🔎] handler.482476.D482476.121198463427731.ackdone@bugs.debian.org> <[🔎] 20080529025853.GA4947@alpaca> <[🔎] 87ej7lb7dr.fsf@neumann.lab.ossystems.com.br> <[🔎] 20080529145238.GA13152@alpaca>

On Thu, May 29, 2008 at 07:52:38AM -0700, Daniel Burrows <dburrows@debian.org> was heard to say:
> On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador <otavio@debian.org> was heard to say:
> > Daniel Burrows <dburrows@debian.org> writes:
> > 
> > > On Wed, May 28, 2008 at 02:27:55PM +0000, Debian Bug Tracking System <owner@bugs.debian.org> was heard to say:
> > >> Changes: 
> > >>  apt (0.7.14) unstable; urgency=low
> > >
> > >   [snip]
> > >
> > >>    [ Otavio Salvador ]
> > >>    * Apply patch to avoid truncating of arbitrary files. Thanks to Bryan
> > >>      Donlan <bdonlan@fushizen.net> for the patch. Closes: #482476
> > >
> > >   Should this be urgency=high?  (as per the devref section 5.8.5.3)
> > 
> > Daniel, would you mind to contact security-team and prepare an upload too?
> 
>   I'll take care of it when I get back from work this evening, if no-one
> beats me to it.

  Is there an apt bzr tree that I should be working from?  (for now I'll
just assume not, and work off the previous source)

  Daniel

Reply to:

Follow-Ups:
- Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: Daniel Burrows <dburrows@debian.org>

References:
- Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: Daniel Burrows <dburrows@debian.org>
- Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: Otavio Salvador <otavio@debian.org>
- Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
  - From: Daniel Burrows <dburrows@debian.org>

Prev by Date: Bug#483611: on dist-upgrade, tries to execute directory /usr/lib/apt/methods/
Next by Date: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
Previous by thread: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
Next by thread: Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)
Index(es):
- Date
- Thread