Felipe Sateler
2008-Jun-26 16:08 UTC
[Secure-testing-team] RFS: checkinstall security upload
Hi. The version of checkinstall in Debian has a temporary directory creation security problem. I have patched checkinstall and the new version is available at mentors: http://mentors.debian.net/debian/pool/main/c/checkinstall/checkinstall_1.6.1-7.dsc This change is the only difference with the version in testing. Saludos, Felipe Sateler PS: please CC me in replies. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080626/b6536d6f/attachment.pgp
Steffen Joeris
2008-Jun-26 16:32 UTC
[Secure-testing-team] RFS: checkinstall security upload
On Thu, 26 Jun 2008 06:08:04 pm Felipe Sateler wrote:> Hi. The version of checkinstall in Debian has a temporary directory > creation security problem. I have patched checkinstall and the new version > is available at mentors: > > http://mentors.debian.net/debian/pool/main/c/checkinstall/checkinstall_1.6. >1-7.dsc > > This change is the only difference with the version in testing. > > Saludos, > Felipe Sateler > > PS: please CC me in replies.I am happy to take a look, sponsor correspondence can go off-list. Do you know, when the vulnerability was introduced? Cheers Steffen -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part. Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080626/79238c7f/attachment.pgp