On Thu, 2014-05-01 at 07:38:41 +0200, Guillem Jover wrote: > On Thu, 2014-05-01 at 06:54:30 +0200, Guillem Jover wrote: > > On Wed, 2014-04-30 at 18:14:29 +0200, Javier Serrano Polo wrote: > > > Package: dpkg > > > Version: 1.15.8.13 1.16.12 > > > Tags: security > > > > > Directory traversal was already possible. I have suggested a solution. > > > That is the way I fixed it: dry run, let the patch tool say what files > > > will be touched. Another solution would be to stop using an external > > > tool. > > > > Ok, now I'm confused, do you mean there's another security problem? > > If so, I'd appreciate if you could send me a PoC package.
Ok, I decided to take a look just now, and I've found one issue, although as I don't know if it's the same we might end up having to prepare multiple security updates… I'll provide more details to the security team in private, and start preparing fixed packages for all suites. Thanks, Guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
