Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-30 Thread Javier Serrano Polo
Here is the missing file. However, this is not over. exploto_0.1.debian.tar.gz Description: application/compressed-tar

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-30 Thread Raphael Geissert
Hi Guillem, On 30 April 2014 01:36, Guillem Jover guil...@debian.org wrote: [...] Attached a non-tested quick patch implementing this. I'll start testing it and preparing packages for all suites. In case you were waiting for an ACK, please go ahead. I'll handle the update soon after they've

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-30 Thread Guillem Jover
On Wed, 2014-04-30 at 14:45:36 +0200, Raphael Geissert wrote: On 30 April 2014 01:36, Guillem Jover guil...@debian.org wrote: [...] Attached a non-tested quick patch implementing this. I'll start testing it and preparing packages for all suites. In case you were waiting for an ACK, please

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Guillem Jover
Hi, On Mon, 2014-04-28 at 22:35:57 +0200, Javier Serrano Polo wrote: Package: dpkg Version: 1.15.9 Tags: security squeeze As far as I see, escaping file names was added to diffutils in 2012. The feature is not present in a squeeze environment. CVE-2014-0471 does not apply. Directory

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Javier Serrano Polo
On Tue, 29 Apr 2014 at 08:11 +0200, Guillem Jover wrote: In any case, squeeze could be affected by a partial upgrade of patch, That is true. Since patch is the one doing the job, how about performing a --dry-run first and checking the output?

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Raphael Geissert
Hi, On 29 April 2014 08:11, Guillem Jover guil...@debian.org wrote: [...] 2. Revert the patch and add versioned dependencies against the working patch package. This might require some dist-upgrade tests, though. 3. Fix the patch to take into account the old behaviour, by checking

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Sven Joachim
On 2014-04-29 12:27 +0200, Raphael Geissert wrote: On 29 April 2014 08:11, Guillem Jover guil...@debian.org wrote: [...] 2. Revert the patch and add versioned dependencies against the working patch package. This might require some dist-upgrade tests, though. 3. Fix the patch to

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Jakub Wilk
* Guillem Jover guil...@debian.org, 2014-04-29, 08:11: 1. Simply revert the patch, and ignore issues w/ partial upgrades (at least for now?). 2. Revert the patch and add versioned dependencies against the working patch package. This might require some dist-upgrade tests, though. 3. Fix the

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Javier Serrano Polo
I am giving some hours to the security team, that has asked for a proof of concept. Format: 3.0 (quilt) Source: exploto Version: 0.1 Maintainer: Javier Serrano Polo jav...@jasp.net Standards-Version: 3.9.1 Checksums-Sha1: 6f6e8000c35ad31251693ed8edc4cea71428df7c 121 exploto_0.1.orig.tar.gz

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Guillem Jover
On Tue, 2014-04-29 at 18:55:35 +0200, Jakub Wilk wrote: * Guillem Jover guil...@debian.org, 2014-04-29, 08:11: 1. Simply revert the patch, and ignore issues w/ partial upgrades (at least for now?). 2. Revert the patch and add versioned dependencies against the working patch package. This

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Jakub Wilk
* Guillem Jover guil...@debian.org, 2014-04-29, 23:40: 1. Simply revert the patch, and ignore issues w/ partial upgrades (at least for now?). 2. Revert the patch and add versioned dependencies against the working patch package. This might require some dist-upgrade tests, though. 3. Fix the

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-29 Thread Guillem Jover
Hi! On Wed, 2014-04-30 at 00:12:56 +0200, Jakub Wilk wrote: * Guillem Jover guil...@debian.org, 2014-04-29, 23:40: 1. Simply revert the patch, and ignore issues w/ partial upgrades (at least for now?). 2. Revert the patch and add versioned dependencies against the working patch package.

Bug#746306: dpkg: CVE-2014-0471 fix introduces the vulnerability into squeeze

2014-04-28 Thread Javier Serrano Polo
Package: dpkg Version: 1.15.9 Tags: security squeeze As far as I see, escaping file names was added to diffutils in 2012. The feature is not present in a squeeze environment. CVE-2014-0471 does not apply. Directory traversal during unpack is possible now. I will wait one day before releasing an