~ubuntu-branches/ubuntu/hardy/apport/hardy-security

Viewing all changes in revision 109.

  • Committer: Package Import Robot
  • Author(s): Jamie Strandboge
  • Date: 2009-04-29 08:32:35 UTC
  • mfrom: (108.1.2 hardy-proposed)
  • Revision ID: package-import@ubuntu.com-20090429083235-sr419eihtjjlhhka
Tags: 0.108.4
* etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
  descend into subdirectories of /var/crash/. Doing so might be exploited by
  a race condition between find traversing a huge directory tree, changing
  an existing subdir into a symlink to e. g. /etc/, and finally getting that
  piped to rm. Patch based on work from Martin Pitt. Thanks to Stephane
  Chazelas for discovering this!
  - LP: #357024
  - CVE-2009-1295
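
An added illustration of the cleanup approach this changelog entry describes (not apport's cron script and not the patch from this revision): a shell function that deletes only old regular files and symlinks at the top level of a directory and never descends into subdirectories. The function name, its arguments and the age threshold used in any call are assumptions; `-mindepth` and `-maxdepth` are GNU/BSD find extensions.

```shell
#!/bin/sh
# Added example, not apport's cron script. purge_old_entries and its
# arguments are hypothetical names chosen for this illustration.

# purge_old_entries DIR DAYS
# Remove regular files and symlinks directly inside DIR whose mtime is older
# than DAYS days. Subdirectories are never entered, so no path handed to rm
# contains a directory component below DIR that another user could replace
# with a symlink while the traversal is running.
purge_old_entries() {
    dir=$1
    days=$2

    # Refuse to run if DIR is missing or is itself a symlink.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1

    # -mindepth 1  skip DIR itself
    # -maxdepth 1  do not descend into subdirectories
    # -type f/-type l  find does not follow symlinks by default (-P), so a
    #              link is matched as a link and rm removes the link only,
    #              never its target
    # -exec ... +  no pipe to a separate rm process; '--' guards against
    #              names that begin with '-'
    find "$dir" -mindepth 1 -maxdepth 1 \( -type f -o -type l \) \
        -mtime "+$days" -exec rm -f -- {} +
}
```

Called as `purge_old_entries /var/crash 7`, it leaves every subdirectory of the target and everything beneath it untouched.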
