This bug was fixed in the package dpkg - 1.15.5.6ubuntu2
---------------
dpkg (1.15.5.6ubuntu2) lucid; urgency=high
* Backport from upstream:
- Use FIEMAP when available (on Linux based systems) to sort the .list
files loading order. With a cold cache it improves up to a 70%.
Thanks to Morten Hustveit <[email protected]>. LP: #442114
- Call fsync(2) after writing files on disk, to get the atomicity
guarantees when doing rename(2). Based on a patch by Jean-Baptiste
Lallement <[email protected]>.
Closes: #430958, LP: #512096
* Security fixes by Raphaƫl Hertzog, also backported from upstream
(CVE-2010-0396):
- Modify dpkg-source to error out when it would apply patches containing
insecure paths (with "/../") and also error out when it would apply a
patch through a symlink. Those checks are required as patch will
happily modify files outside of the target directory and unpacking a
source package should not be able to have any side-effect outside of
the target directory. LP: #532445
- Also error out when the quilt series contains a path with "/../" as
this can cause patch to create files outside of the source package due
to the -B .pc/$path option that it gets.
-- Colin Watson <[email protected]> Thu, 11 Mar 2010 00:34:28 +0000
** Changed in: dpkg (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-0396
--
dpkg gets slower as /var/lib/dpkg/info gets fragmented
https://bugs.launchpad.net/bugs/442114
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
