tag 637384 + squeeze thanks On Wed, 2011-08-10 at 21:04 +0200, Niels Thykier wrote: > I would like permission to backport the following security > related patch to Lintian in stable. The security team has > already told me that they were not interested in a security > upload.
I'm not surprised tbh, assuming that the issue indeed only allows file existence testing, rather than content retrieval. > +lintian (2.4.3+squeeze1) stable; urgency=low > + > + * checks/debian-source-dir: > + + [NT] Fixed information disclosure issue, where Lintian could > + be tricked into disclosing the present of files on the host As per other people's IRC poking - and the patch header :-) - s/present/presence/. > + system via specially crafted source packages. [...] > +So far as it is copyrightable at all, this test case is > + Copyright © 2009 Russ Allbery <[email protected]> > + Copyright © 2009 Adam D. Barratt <[email protected]> Hmmm, interesting... Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
