Viewing all changes in revision 119.
- Committer: Package Import Robot
- Date: 2009-04-29 08:34:14 UTC
- Revision ID: package-import@ubuntu.com-20090429083414-7w2zwln611gbc0ng
[ Martin Pitt ]
* etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
descend into subdirectories of /var/crash/. Doing so might be exploited by
a race condition between find traversing a huge directory tree, changing
an existing subdir into a symlink to e. g. /etc/, and finally getting that
piped to rm. Patch based on work by Martin Pitt. Thanks to Stephane
Chazelas for discovering this!
- LP: #357024
- CVE-2009-1295
* etc/cron.daily/apport: Only attempt to remove files and symlinks, do not
descend into subdirectories of /var/crash/. Doing so might be exploited by
a race condition between find traversing a huge directory tree, changing
an existing subdir into a symlink to e. g. /etc/, and finally getting that
piped to rm. Patch based on work by Martin Pitt. Thanks to Stephane
Chazelas for discovering this!
- LP: #357024
- CVE-2009-1295
- files modified:
- debian/apport.cron.daily
expand all
collapse all
added
removed
