On 23/09/17 18:52, Emilio Pozuelo Monfort wrote: > Hi, > > On 10/07/17 16:32, Gianfranco Costamagna wrote: >> Hello Roger, >> >>> Here you go. Build and runtime tested. > > Thanks for working on this. Does this take care of updating the permissions > when > the file already exists? Doesn't seem to from my quick standalone test with a > simple C program. Maybe this ought to call chmod as well for existing > installations.
Oh, upstream seems to call unlink() first, so this will always create a new file and so the umask will be taken into account. So no need for a chmod call there afaics, sorry for the noise. Cheers, Emilio > >> we should really patch also jessie, stretch and sid, right? > > Yep, that'd be good. Currently this vulnerability is marked as no-dsa for > stretch and jessie, so the security team may prefer that you fix this via a > point release update, but please check with them. No excuse for not fixing > this > in sid though. :) > > Cheers, > Emilio >
