Control: tags -1 + patch
Attached debdiff for sid. Same will go for jessie-security.
Regards,
Salvatore
diff -u eject-2.1.5+deb1+cvs20081104/debian/changelog
eject-2.1.5+deb1+cvs20081104/debian/changelog
--- eject-2.1.5+deb1+cvs20081104/debian/changelog
+++ eject-2.1.5+deb1+cvs20081104/debian/changelog
@@ -1,3 +1,11 @@
+eject (2.1.5+deb1+cvs20081104-13.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * CVE-2017-6964: Check the return values when dropping privileges
+ (Closes: #858872)
+
+ -- Salvatore Bonaccorso <car...@debian.org> Tue, 28 Mar 2017 06:22:15 +0200
+
eject (2.1.5+deb1+cvs20081104-13.1) unstable; urgency=low
[ Ankit Sinha ]
diff -u eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c
eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c
--- eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c
+++ eject-2.1.5+deb1+cvs20081104/dmcrypt-get-device.c
@@ -58,8 +58,10 @@
return 1;
/* Drop all privileges */
- setgid(getgid());
- setuid(getuid());
+ if (setgid(getgid()))
+ return 1;
+ if (setuid(getuid()))
+ return 1;
if (!dm_task_get_info(dmt, &dmi))
return 1;
