Accepted dist 3.70-31etch1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 06 Oct 2008 18:05:47 -0500
Source: dist
Binary: dist
Architecture: source all
Version: 3.70-31etch1
Distribution: stable
Urgency: high
Maintainer: Manoj Srivastava <srivasta@debian.org>
Changed-By: Manoj Srivastava <srivasta@debian.org>
Description:
dist - Tools for developing, maintaining and distributing software.
Changes:
dist (3.70-31etch1) stable; urgency=high
.
* Backport patches from the Lenny version to fix security issues. If a
script uses a temp file which is created in /tmp, then an attacker can
create symlink with the same name in this directory in order to
destroy or rewrite some system or user files. Symlink attack may also
lead not only to the data desctruction but to denial of service as
well. Creating files with rand or pid to randomize the file names is
not adequate to protect the system. We now use File::Temp to safely
create the temporary files as needed. This closes a grave bug. There
are no code changes in this version, apart from the bug fix. #496412.
Files:
494f8a1fa667cd8b2c14afbb2ab12a2d 590 devel optional dist_3.70-31etch1.dsc
3a7b82e6661fd1b686ed0fe04d9dc3fe 31345 devel optional dist_3.70-31etch1.diff.gz
5f56a5c8ad408f07d50320e951822f35 554194 devel optional dist_3.70-31etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjqnMAACgkQIbrau78kQkxQ/wCgpEmN5eFwU8vnLte89bgzOkJx
+4AAoLqt+e+NNLoZ0Szmq3SSeufkwob7
=v6uz
-----END PGP SIGNATURE-----
Accepted:
dist_3.70-31etch1.diff.gz
to pool/main/d/dist/dist_3.70-31etch1.diff.gz
dist_3.70-31etch1.dsc
to pool/main/d/dist/dist_3.70-31etch1.dsc
dist_3.70-31etch1_all.deb
to pool/main/d/dist/dist_3.70-31etch1_all.deb