Control: tags -1 + pending On Fri, 2014-01-31 at 19:36 +0100, Niels Thykier wrote: > On 2014-01-31 19:28, Adam D. Barratt wrote: > > On Fri, 2014-01-31 at 19:01 +0100, Niels Thykier wrote: > >> I would like to fix #736359 / CVE-2014-1638 in Wheezy and Squeeze[0]. > >> According to the security tracker, the security team has classified > >> the bug as "minor" and declared it does not need a DSA[1]. > >> > >> The problem is that localepurge would create tmp files in an unsafe > >> way. This allows a local user to have root destroy arbitrary files on the > >> system (via a race-condition) during upgrades and purge of localepurge. > > > > Please go ahead; thanks. (Bearing in mind the impending window close for > > 7.4 this weekend.) [...] > Thank you, I have dput'ed the package to FTP.
Flagged for acceptance; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
