Hi Zubin - The changelog looks pretty good, but now I see that you are using the exact patch from Debian. I thought that you were intentionally diverging from the Debian patch in your first debdiff.
Since Lucid and Maverick shipped version 1.23-1 and Squeeze has fixed the issue in 1.23-1+squeeze1, it is best for us to do a security fake sync[1] from the updated Debian Squeeze package. I hope that makes sense and I'm sorry for the earlier confusion. [1]: https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue#Sync_request_bugs -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/820497 Title: vulnerable to symlink attack via insecure /tmp directory or file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/atop/+bug/820497/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
