- Committer: Package Import Robot
- Author(s): Jamie Strandboge, Martin Pitt
- Date: 2009-04-29 08:34:14 UTC
- Revision ID: package-import@ubuntu.com-20090429083414-7w2zwln611gbc0ng
- Tags: 0.119.2

[ Martin Pitt ]
* etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
  descend into subdirectories of /var/crash/. Doing so might be exploited by
  a race condition between find traversing a huge directory tree, changing
  an existing subdir into a symlink to e.g. /etc/, and finally getting that
  piped to rm. Patch based on work by Martin Pitt. Thanks to Stephane
  Chazelas for discovering this!
  - LP: #357024
  - CVE-2009-1295
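
The cleanup rule described in the commit message (remove only files and symlinks, never descend into subdirectories) can be sketched as follows. This is an added example, not apport's actual cron script; the function names, the sample file names and the optional extra `find` tests (such as `-mtime +7`) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not apport's cron script. Removes only regular files and
# symlinks that sit directly inside DIR; subdirectories are never entered.
# Usage: clean_crash_dir DIR [extra find tests, e.g. -mtime +7]
clean_crash_dir() {
    dir=$1
    shift
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # -mindepth/-maxdepth 1 (GNU/BSD find): examine DIR's own entries only,
    # so a subdirectory swapped for a symlink during the run cannot redirect
    # the walk into another tree.
    # find does not follow symlinks by default, so -type l matches the link
    # itself, and rm without -r unlinks that one name, never a directory.
    find "$dir/" -mindepth 1 -maxdepth 1 \( -type f -o -type l \) "$@" \
        -exec rm -f -- {} +
}

# Constructed sample tree (hypothetical names) for trying the function out.
# Prints the path of the temporary root it created.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/crash/subdir" "$root/protected"
    echo keep > "$root/protected/config"      # stands in for e.g. /etc
    echo report > "$root/crash/_usr_bin_app.1000.crash"
    echo nested > "$root/crash/subdir/nested.crash"
    ln -s "$root/protected" "$root/crash/link_to_protected"
    echo "$root"
}
```

After `clean_crash_dir "$(make_sample_tree)/crash"`, the top-level report and the symlink are gone, while `subdir/nested.crash` and the symlink's target directory are untouched.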