Bug#981404: [Debian-med-packaging] Bug#981404: compressed file is world readable, while zstd is running

Control: fixed -1 1.4.8+dfsg-1 Control: tag -1 patch Greetings, This critical issue is affecting Stable. Permissions at compression time are inherited from umask, this may be too relaxed when handling sensitive files. Fortunately, this seems to have been fixed upstream around version 1.4.1.

Bug#981404: compressed file is world readable, while zstd is running

Package: zstd Version: 1.3.8+dfsg-3 Severity: critical Compressing a large file with restricted access permissions a new, world readable file is created, revealing the contents of the uncompressed file. Sample: # whoami root # zstd -q -13 -T8 sample.dmp &> zstd.log & : : # ls -al total