Viewing all changes in revision 155.
- Committer: Bazaar Package Importer
- Date: 2009-04-30 09:08:29 UTC
- mfrom: (148.1.3 upstream)
- Revision ID: james.westby@ubuntu.com-20090430090829-ip40pdgv1wa95s1n
[ Martin Pitt ]
* New upstream security update:
- etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
descend into subdirectories of /var/crash/. Doing so might be exploited by
a race condition between find traversing a huge directory tree, changing
an existing subdir into a symlink to e. g. /etc/, and finally getting
that piped to rm. This also changes the find command to not use GNU
extensions. Thanks to Stephane Chazelas for discovering this!
(LP: #357024, CVE-2009-1295)
- Other fixes were already cherrypicked in the previous upload.
[ Matt Zimmerman ]
* package-hooks/source_linux.py: Attach info for linux-restricted-modules
and linux-backports-modules
* New upstream security update:
- etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
descend into subdirectories of /var/crash/. Doing so might be exploited by
a race condition between find traversing a huge directory tree, changing
an existing subdir into a symlink to e. g. /etc/, and finally getting
that piped to rm. This also changes the find command to not use GNU
extensions. Thanks to Stephane Chazelas for discovering this!
(LP: #357024, CVE-2009-1295)
- Other fixes were already cherrypicked in the previous upload.
[ Matt Zimmerman ]
* package-hooks/source_linux.py: Attach info for linux-restricted-modules
and linux-backports-modules
expand all
collapse all
added
removed
