Moritz Muehlenhoff wrote:
>Package: bacula
>Severity: important
>Tags: security
>
>bacula generates several temporary files in an insecure manner. Please
>see http://www.zataz.net/adviso/bacula-09192005.txt for details.
>
>
Thanks.
Bacula --as packaged by me-- is not vulnerable to the first two attacks:
1.- configure: run at autobuilders or in a controlled build machine --
no local users to exploit race condition
2.- i do not package nor distribute the "rescue disk" functionality
Regarding the third, i will be posting an updated package soon, as time
permits.
Thank you for your feedback,
Best,
J.L.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
