tag 652107 - moreinfo + confirmed
thanks
On 18.12.2011 22:12, Salvatore Bonaccorso wrote:
Hey Adam
On Sun, Dec 18, 2011 at 02:50:49PM +0000, Adam D. Barratt wrote:
tag 652107 + squeeze moreinfo
thanks
On Wed, 2011-12-14 at 22:12 +0100, Salvatore Bonaccorso wrote:
> libpar-packer-perl 1.006-1 and libpar-perl 1.000-1 in Squeeze are
> affected by CVE-2011-4114: "PAR packed files are extracted to
unsafe
> and predictable temporary directories.".
[...]
It wasn't entirely clear from your mail, but have the packages with
the
patches applied been tested on squeeze?
Yes, now I tested the packages on Squeeze. The build already contains
some tests, which all pass, furthermore I did some testing with a par
file, and the pp utility. They behave now detecting unsafe directory
in /tmp if I create these manually with unsafe permissions.
Please go ahead; sorry for the delay.
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
