This bug was fixed in the package atop - 1.23-1+squeeze1build0.10.10.1
---
atop (1.23-1+squeeze1build0.10.10.1) maverick-security; urgency=low
* fake sync from Debian
atop (1.23-1+squeeze1) stable; urgency=high
* Non-maintainer upload.
* Fix CVE-2011-: Insecure use of temp
Hi Zubin - The changelog looks pretty good, but now I see that you are
using the exact patch from Debian. I thought that you were intentionally
diverging from the Debian patch in your first debdiff.
Since Lucid and Maverick shipped version 1.23-1 and Squeeze has fixed
the issue in 1.23-1+squeeze1,
Hi, I'm uploading a second debdiff file with changes as in the above
link and a corrected changelog.
** Patch added: "updated patch for maverick"
https://bugs.launchpad.net/ubuntu/+source/atop/+bug/820497/+attachment/2729207/+files/atop_1.23-1ubuntu1.debdiff
** Changed in: atop (Ubuntu Maveri
Hi! The changes I had made were based on a patch that was sent to the
mailing list thread at [1], aand here's a link to the patch[2].
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622794
[2]
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=24;filename=nmudiff.atop;att=1;bug=622794
--
Yo
Hi Zubin - Thanks for the debdiff! A few comments:
1) What did you base your patch off of? The patch in the Debian BTS is
slightly different. Your version seems to make a few more changes.
2) The changelog is not formatted as specified in
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Upd
** Also affects: atop (Ubuntu Maverick)
Importance: Undecided
Status: New
** Changed in: atop (Ubuntu Maverick)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/
Please find attached, debdiff for 10.10 Maverick.
** Patch added: "atop_1.23-1ubuntu1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/atop/+bug/820497/+attachment/2725991/+files/atop_1.23-1ubuntu1.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3618
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/820497
Title:
vulnerable to symlink attack via insecure /tmp directory or fil
** Changed in: atop (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/820497
Title:
vulnerable to symlink attack via insecure /tmp directory or file
** Branch unlinked: lp:~utlemming/ubuntu/natty/atop/natty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/820497
Title:
vulnerable to symlink attack via insecure /tmp directory or file
To manage noti
** Changed in: atop (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/820497
Title:
vulnerable to symlink attack via insecure /tmp directory or file
To m
** Changed in: atop (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/820497
Title:
vulnerable to symlink attack via insecure /tmp directory or file
To manag
** Changed in: atop (Ubuntu)
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/820497
Title:
vulnerable to symlink attack via insecure /tmp directory or file
To manage
Patched for natty and oneiric.
Tested and confirmed that moving the directories works.
** Changed in: atop (Ubuntu)
Assignee: (unassigned) => Ben Howard (utlemming)
** Branch linked: lp:~utlemming/ubuntu/oneiric/atop/oneiric
** Branch linked: lp:~utlemming/ubuntu/natty/atop/natty
--
You
14 matches
Mail list logo
