Hi. Thanks for the debdiff. I am going to have to NACK it though. 1- The debdiff is inverted.
2- You're not checking the return value of seteuid() 3- This doesn't fix the CVE-2011-2922 issue, which is as serious. If CVE-2011-2922 isn't fixed, there is no value in fixing CVE-2011-2921. Unsubscribing ubuntu-security-sponsors for now. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-2922 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/932107 Title: ktsuss fails to change the effective UID back to the real UID To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ktsuss/+bug/932107/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
