I'm neither a DD nor a DM, should I just get my normal sponsor to upload or if not then who?
Cheers,

Roger

On 10 February 2018 at 11:31, Julien Cristau <[email protected]> wrote:
> Control: tag -1 - moreinfo
> Control: tag -1 confirmed
>
> OK, go ahead and upload then.
>
> Cheers,
> Julien
>
> On Sat, Feb 10, 2018 at 11:13:06 +0000, Roger Light wrote:
>
>> Thanks for taking a look at this.
>>
>> The application only creates this file and log files, so I don't
>> believe it should have any other impact.
>>
>> Regards,
>>
>> Roger
>>
>>
>> On 10 February 2018 at 09:07, Julien Cristau <[email protected]> wrote:
>> > Control: tag -1 moreinfo
>> >
>> > On Fri, Dec 22, 2017 at 23:47:34 +0000, Roger A. Light wrote:
>> >
>> >> +Description: Fix for CVE-207-9868.
>> >> +Author: Roger Light <[email protected]>
>> >> +Forwarded: not-needed
>> >> +Origin: upstream,
>> >> https://mosquitto.org/files/cve/2017-9868/mosquitto-1.4.x_cve-2017-9868.patch
>> >> +--- a/src/persist.c
>> >> ++++ b/src/persist.c
>> >> +@@ -362,6 +362,10 @@
>> >> + _mosquitto_log_printf(NULL, MOSQ_LOG_INFO, "Error saving
>> >> in-memory database, out of memory.");
>> >> + return MOSQ_ERR_NOMEM;
>> >> + }
>> >> ++
>> >> ++ /* Restrict access to persistence file. */
>> >> ++ umask(0077);
>> >> ++
>> >> + snprintf(outfile, len, "%s.new", db->config->persistence_filepath);
>> >> + outfile[len] = '\0';
>> >> +
>> >
>> > Is this likely to negatively affect other files the application might
>> > create?
>> >
>> > Cheers,
>> > Julien
>>
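
Review bot: the added umask(0077) call in src/persist.c discards the previous mask and, in the lines visible here, never restores it, so the tighter mask stays in effect process-wide for every file the process creates afterwards, including the log files mentioned in the thread. Consider keeping the return value, e.g. `old_mask = umask(0077);` (the variable name is illustrative), and restoring it with `umask(old_mask);` once the `.new` file has been opened, or creating the file with an explicit 0600 mode so the mask does not need to change. Separately, the Description header reads "CVE-207-9868" while the Origin URL refers to 2017-9868; the header looks like a typo worth correcting before upload.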

