- Committer: Bazaar Package Importer
- Author(s): Martin Pitt
- Date: 2006-02-08 12:11:46 UTC
- Revision ID: james.westby@ubuntu.com-20060208121146-hvixp1mfpikrpivg
Tags: 0.7.1-1ubuntu2
* Add debian/patches/001_rsdh_fixes.patch: Security and bug fixes
  for rshd, backported from 0.7.2 release:
  - Move creation of user's ticket file to later to avoid seteuid/setuid
    dance. This allowed an authenticated user to overwrite and change the
    owner of arbitrary files. [CVE-2006-0582]
  - Disable DCE since above patch breaks it.
  - Check return value from asprintf instead of string != NULL since it
    is undefined behavior on Linux.
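
The asprintf item in the changelog above, as an added C example (not code from the patch; `build_cache_path` and the `/tmp/krb5cc_%u` path format are constructed for illustration). glibc documents the output pointer's contents as undefined when asprintf fails, so the return value is the only reliable failure signal.

```c
/* Added example: checking asprintf() by return value, not by pointer. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* asprintf() is a GNU/BSD extension */
#endif
#ifndef __STDC_WANT_LIB_EXT2__
#define __STDC_WANT_LIB_EXT2__ 1    /* also exposes asprintf() in glibc */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper: build a per-user cache path.
 * Returns 0 and stores a malloc'd string in *out on success.
 * Returns -1 and stores NULL in *out on failure.
 */
int build_cache_path(unsigned int uid, char **out)
{
    char *p = NULL;

    /*
     * Fragile pattern the changelog replaces:
     *     asprintf(&p, ...);
     *     if (p == NULL) fail;
     * On failure glibc may leave p holding anything, so the NULL test
     * can pass and the caller goes on to use a garbage pointer.
     */
    int len = asprintf(&p, "/tmp/krb5cc_%u", uid);   /* constructed format */
    if (len < 0) {
        *out = NULL;        /* give the caller a defined value */
        return -1;
    }
    *out = p;
    return 0;
}

int main(void)
{
    char *path;

    if (build_cache_path(1000, &path) != 0) {
        fputs("out of memory\n", stderr);
        return 1;
    }
    puts(path);
    free(path);
    return 0;
}
```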