-
Committer:
Jackson Doak
-
Date:
2014-10-28 20:22:44 UTC
-
mfrom:
(0.1.16 sid)
-
Revision ID:
noskcaj@ubuntu.com-20141028202244-hftxnz6930qv1h4l
* Merge from debian. Remaining changes:
- Build using dh-autoreconf.
- Specified multiarch Tcl and Tk locations during configure,
fixing FTBFS.
* Non-maintainer upload.
* Add CVE-2014-3684.patch patch.
CVE-2014-3684: Within a TORQUE Resource Manager job, the tm_adopt()
TORQUE library call enables a user-built executable calling tm_adopt()
to adopt any session id (and its child processes) regardless of the
session id owner on any node within a job. When a job that includes the
executable calling tm_adopt() exits, the adopted processes are killed
along with the job processes during normal job cleanup. This can enable
a non-root user to kill processes he doesn't own including root-owned
ones on any node in a job. (Closes: #763922)