Viewing all changes in revision 4.
- Committer: Bazaar Package Importer
- Date: 2006-02-08 12:11:46 UTC
- Revision ID: james.westby@ubuntu.com-20060208121146-hvixp1mfpikrpivg
* Add debian/patches/001_rsdh_fixes.patch: Security and bug fixes
for rshd, backported from 0.7.2 release:
- Move creation of users ticket file to later to avoid seteuid/setuid
dance. This allowed an authenticated user to overwrite and change the
owner of arbitrary files. [CVE-2006-0582]
- Disable DCE since above patch breaks it.
- Check return value from asprintf instead of string != NULL since it
is undefined behavior on Linux.
for rshd, backported from 0.7.2 release:
- Move creation of users ticket file to later to avoid seteuid/setuid
dance. This allowed an authenticated user to overwrite and change the
owner of arbitrary files. [CVE-2006-0582]
- Disable DCE since above patch breaks it.
- Check return value from asprintf instead of string != NULL since it
is undefined behavior on Linux.
- files added:
- debian/patches/001_rsdh_fixes.patch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
