-
Committer:
Bazaar Package Importer
-
Author(s):
Marc Deslauriers
-
Date:
2011-10-13 10:55:35 UTC
-
Revision ID:
james.westby@ubuntu.com-20111013105535-a2f6u6cxozpmxlwq
Tags: 2:1.10.4-1ubuntu4.1
* SECURITY UPDATE: file existence disclosure
- debian/patches/508_CVE-2011-4028.patch: open lockfile with O_NOFOLLOW
in os/utils.c.
- CVE-2011-4028
* SECURITY UPDATE: privilege escalation via file permission change
- debian/patches/509_CVE-2011-4029.patch: use fchmod to prevent race
in os/utils.c.
- CVE-2011-4029