On Sat, Nov 19, 2005 at 11:35:09AM +0100, Pierre THIERRY wrote:
> > There are lots of ways that one can manage to lose ACLs and EAs on
> > files using traditional Unix tools;
> But shouldn't simply *all* problematic packages be filed a security bug?
The BTS definition of the security tag is:
Th
Scribit Steve Langasek dies 18/11/2005 hora 18:19:
> While it is desirable to have sed preserve EAs and ACLs when used with
> -i, I think this severity is overinflated and the security tag is
> incorrect.
I won't argue on the severity (I was not really sure which I had to
choose), but the bug inde
severity 339793 important
tags 339793 -security
thanks
On Fri, Nov 18, 2005 at 10:01:31PM +0100, Pierre THIERRY wrote:
> When doing in-place editing, sed creates a new file without copying ACLs
> and user-defined EA. It's not only a loss of maybe precious data
> (user-defined EA) but a security ho
Package: sed
Version: 4.1.2-8
Severity: grave
Tags: security
Justification: user security hole
When doing in-place editing, sed creates a new file without copying ACLs
and user-defined EA. It's not only a loss of maybe precious data
(user-defined EA) but a security hole, because dropping the ACLs
4 matches
Mail list logo
