In order to fix this, we can just sync 0.3.0-2 from Sid to Zesty. Here
is the changelog for 0.3.0-2:

lxterminal (0.3.0-2) unstable; urgency=high

  * Fix improper use of /tmp for a socket file. (CVE-2016-10369)
    (Closes: #862098)
  * Fix tab renaming dialog. (Closes: #862096)

 -- Yao Wei (魏銘廷) <[email protected]>  Tue, 09 May 2017 12:13:07 +0800

The first entry is fixing the CVE that this bug is about, and the second
entry is fixing a bug that we would have to upload anyway ("unable to
rename tabs"), and that's perfectly valid for an SRU, in my opinion.

Security team, I think there are a few options here:
 1. Make an Ubuntu delta with only this CVE in Zesty, upload it to 
zesty-security, and file a separate SRU bug to get the additional patch from 
Debian in there. I think, technically speaking, this follows the most rules.
 2. Just sync from Debian Sid as shown above, and skip the SRU docs for the 
additional part of the upload. This would be the easiest, and it would be 
simpler.

Thoughts?

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10369

** Changed in: lxterminal (Ubuntu Artful)
       Status: In Progress => Fix Released

** Changed in: lxterminal (Ubuntu Artful)
     Assignee: Simon Quigley (tsimonq2) => (unassigned)

** Changed in: lxterminal (Ubuntu Zesty)
       Status: New => In Progress

** Changed in: lxterminal (Ubuntu Zesty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1690416

Title:
  [CVE] socket can be blocked by another user

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxterminal/+bug/1690416/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
