Hi
Martin Schulze wrote:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3146
seems fixed by the newly introduced checkDelSymlink() function,
which was added to ten different places in the code (not all of which
might be security sensitive, but at least two operate directly
on
Arthur Korn wrote:
Hi
1.19-1 source and binary packages work on stable, and the
differences to 1.18.4-2 are all local bugfixes, so I figure it
doesn't make any sense to separate bugfixes from bugfixes for a
special security fix for stable. Well, we could split out
Since the diff between
Moritz Muehlenhoff wrote:
1.19-1 source and binary packages work on stable, and the
differences to 1.18.4-2 are all local bugfixes, so I figure it
doesn't make any sense to separate bugfixes from bugfixes for a
special security fix for stable. Well, we could split out
storeBackupSync,
Martin Schulze wrote:
I'm not sure about
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3148,
which would require some more studying of the code.
It's the chown call.
It seems that the old version executed chown uid gid link which doesn't
work. The new version executes chown
Moritz Muehlenhoff wrote:
Sounds correct, my manpage says:
-h, --no-dereference
affect each symbolic link instead of any referenced file (useful only on
systems that can change the ownership of a symlink)
However, I think that this hunk is missing for CAN-2005-3148:
diff -Naur
Package: storebackup
Version: 1.18.4-2
Severity: grave
Tags: security
Justification: user security hole
Although it's not really mentioned in the changelog storebackup 1.19 fixed
several security problems, which are still present in Sarge, they've been
assigned CAN-2005-3150, CAN-2005-3149 and
Hi
1.19-1 source and binary packages work on stable, and the
differences to 1.18.4-2 are all local bugfixes, so I figure it
doesn't make any sense to separate bugfixes from bugfixes for a
special security fix for stable. Well, we could split out
storeBackupSync, though that new script is
Arthur Korn wrote:
BTW, I made an error in my initial bug report, it's CAN-2005-314[876].
1.19-1 source and binary packages work on stable, and the
differences to 1.18.4-2 are all local bugfixes, so I figure it
doesn't make any sense to separate bugfixes from bugfixes for a
special security