- Committer: Bazaar Package Importer
- Author(s): Martin Pitt, Martin Pitt, Matt Zimmerman
- Date: 2009-04-30 09:08:29 UTC
- mfrom: (148.1.3 upstream)
- Revision ID: james.westby@ubuntu.com-20090430090829-ip40pdgv1wa95s1n

Tags: 1.1.1-0ubuntu1

[ Martin Pitt ]
* New upstream security update:
  - etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
    descend into subdirectories of /var/crash/. Doing so might be exploited by
    a race condition between find traversing a huge directory tree, changing
    an existing subdir into a symlink to e.g. /etc/, and finally getting
    that piped to rm. This also changes the find command to not use GNU
    extensions. Thanks to Stephane Chazelas for discovering this!
    (LP: #357024, CVE-2009-1295)
  - Other fixes were already cherrypicked in the previous upload.

[ Matt Zimmerman ]
* package-hooks/source_linux.py: Attach info for linux-restricted-modules
  and linux-backports-modules
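
The cleanup behaviour described in the etc/cron.daily/apport entry above, as an added example that is not apport's own script: a POSIX-only find that removes regular files and symlinks at the top level of a directory and prunes every subdirectory instead of walking it. The function name `clean_crash_dir` and the age threshold passed to it are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not apport's cron script): top-level-only cleanup of a
# crash directory, using POSIX find without GNU extensions.

# clean_crash_dir DIR DAYS
#   Remove regular files and symlinks directly inside DIR whose mtime is
#   more than DAYS days old. Subdirectories are never entered, so there is
#   no long tree walk during which a subdir could be swapped for a symlink
#   and have foreign paths handed to rm.
clean_crash_dir() {
    dir=$1
    days=$2

    # Refuse anything that is not an existing directory.
    [ -d "$dir" ] || return 1

    # "$dir/." makes the starting point's name ".", so "! -name ." is false
    # only for the directory itself. Every other entry is pruned (find will
    # not descend into it) and then tested. This is the portable
    # equivalent of GNU "-maxdepth 1".
    #
    # find does not follow symlinks by default, so "-type l" matches the
    # link itself and rm unlinks the link, never its target.
    #
    # "-exec rm -f -- {} \;" passes each name as a single argument instead
    # of piping a path list to rm; "--" stops option parsing for names that
    # start with "-".
    find "$dir/." ! -name . -prune \
        \( -type f -o -type l \) -mtime +"$days" \
        -exec rm -f -- {} \;
}

# Stand-alone use: sh script.sh /path/to/dir DAYS
if [ "$#" -eq 2 ]; then
    clean_crash_dir "$1" "$2"
fi
```

Directories are left in place by design, including empty ones, because removing them would require the recursion the fix eliminates.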