-
Committer:
Package Import Robot
-
Author(s):
Jonathan Wiltshire
-
Date:
2012-01-06 20:36:51 UTC
-
Revision ID:
package-import@ubuntu.com-20120106203651-k9gmtjk3eubnph5o
Tags: 68-1+lenny1
* Non-maintainer upload by the security team.
* Various security fixes in src/utils/mount.ecryptfs_private.c:
- chdir into mountpoint before checking permissions in (CVE-2011-1831,
CVE-2011-1832)
- modify mtab via a temp file first and make sure it succeeds before
replacing the real mtab (CVE-2011-1834)
- make sure we don't copy into a user controlled directory (CVE-2011-1835)
- also set gid and umask before updating mtab (CVE-2011-3145)