- Committer: Package Import Robot
- Author(s): Jonathan Wiltshire
- Date: 2012-01-04 22:01:03 UTC
- Revision ID: package-import@ubuntu.com-20120104220103-gj13d2xquel2187f
- Tags: 83-4+squeeze1

  * Non-maintainer upload by the security team.
  * Various security fixes:
    - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
      before checking permissions in src/utils/mount.ecryptfs_private.c.
      (CVE-2011-1831, CVE-2011-1832)
    - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
      file first and make sure it succeeds before replacing the real mtab
      in src/utils/mount.ecryptfs_private.c. (CVE-2011-1834)
    - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
      user controlled directory in src/utils/ecryptfs-setup-private.
      (CVE-2011-1835)
    - debian/patches/CVE-2011-1837.patch: verify permissions with a file
      descriptor, and don't follow symlinks in
      src/utils/mount.ecryptfs_private.c. (CVE-2011-1837)
    - debian/patches/CVE-2011-3145.patch: also set gid and umask before
      updating mtab in src/utils/mount.ecryptfs_private.c. (CVE-2011-3145)
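
The "verify permissions with a file descriptor, and don't follow symlinks" and "chdir into mountpoint before checking permissions" entries both describe closing a check-then-use race on a path. The following is an added illustration of that pattern, not code from the ecryptfs-utils patches; the function names, the ownership test standing in for the permission check, and the /tmp fixture are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: enter `path` only if it is a real directory owned by
 * `uid`. O_NOFOLLOW rejects a symlink in the final component; fstat() and
 * fchdir() act on the opened descriptor, so the object checked is the object
 * entered even if `path` is swapped afterwards. Returns 0 or -1. */
int enter_owned_dir(const char *path, uid_t uid)
{
    struct stat st;
    int rc = -1;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISDIR(st.st_mode) && st.st_uid == uid)
        rc = fchdir(fd);
    close(fd);
    return rc;
}

/* Constructed fixture: a temp directory plus a symlink pointing at it.
 * Returns 0 when the directory is accepted and both bad cases are rejected. */
int self_check(void)
{
    char dir[] = "/tmp/owned-dir-XXXXXX";
    char lnk[64];
    if (!mkdtemp(dir))
        return 1;
    snprintf(lnk, sizeof lnk, "%s.lnk", dir);
    if (symlink(dir, lnk) != 0) {
        rmdir(dir);
        return 2;
    }
    int via_link = enter_owned_dir(lnk, getuid());      /* symlink: reject */
    int wrong_uid = enter_owned_dir(dir, getuid() + 1); /* not owner: reject */
    int owned = enter_owned_dir(dir, getuid());         /* accept */
    if (chdir("/") != 0)
        return 3;
    unlink(lnk);
    rmdir(dir);
    return (owned == 0 && via_link == -1 && wrong_uid == -1) ? 0 : 4;
}

int main(void)
{
    printf("self_check: %d\n", self_check());
    return 0;
}
```

A path-based `stat()` followed by `chdir()` or `mount()` on the same string leaves a window in which the path can be replaced; checking and acting through one descriptor removes that window.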