-
Committer:
Package Import Robot
-
Author(s):
Jamie Strandboge
-
Date:
2009-04-29 08:32:35 UTC
-
mfrom:
(108.1.2 hardy-proposed)
-
Revision ID:
package-import@ubuntu.com-20090429083235-sr419eihtjjlhhka
Tags: 0.108.4
* etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
descend into subdirectories of /var/crash/. Doing so might be exploited by
a race condition between find traversing a huge directory tree, changing
an existing subdir into a symlink to e. g. /etc/, and finally getting that
piped to rm. Patch based on work from Martin Pitt. Thanks to Stephane
Chazelas for discovering this!
- LP: #357024
- CVE-2009-1295