-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2011-10-13 11:03:44 UTC
-
mfrom:
(215.1.2 natty-proposed)
-
Revision ID:
james.westby@ubuntu.com-20111013110344-iexo0cjrj3m0w9l8
Tags: 2:1.10.1-1ubuntu1.3
* SECURITY UPDATE: file existence disclosure
- debian/patches/505_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
in os/utils.c.
- CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
- debian/patches/506_CVE-2011-4029.patch: use fchmod to prevent race
in os/utils.c.
- CVE-2011-4029