~ubuntu-branches/ubuntu/lucid/acpid/lucid-security

Viewing all changes in revision 33.

  • Committer: Package Import Robot
  • Author(s): Tyler Hicks
  • Date: 2011-12-07 16:35:39 UTC
  • Revision ID: package-import@ubuntu.com-20111207163539-drdsa0gj2zvghepu
Tags: 1.0.10-5ubuntu2.5
* SECURITY UPDATE: Arbitrary code execution in the power button handling
  script (LP: #893821)
  - debian/powerbtn.sh: Ensure that the DBUS_SESSION_BUS_ADDRESS environment
    variable is only read from a process owned by the user that will be
    evaluating the variable.
  - CVE-2011-2777
* SECURITY UPDATE: Unprivileged users may be able to write to directories
  and read files created by event handler scripts
  - event.c: Set a restrictive umask of 0077 before running an event handler
    script. Based on upstream patch.
  - CVE-2011-4578

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: