Bug#663249: [Pkg-acpi-devel] Bug#663249: acpid: fcntl(fd, F_SETFD, O_NONBLOCK) should be fcntl(fd, F_SETFL, O_NONBLOCK)

2012-03-22 Thread Michael Meskes
On Wed, Mar 21, 2012 at 09:50:53PM +0100, Moritz Mühlenhoff wrote: Yes, the problem is still unfixed in Squeeze. However, it was only fixed along with the more serious issues in the powerbtn.sh script the the privilege escalation due to the incorrect umask and didn't warrant an update on

Bug#663249: [Pkg-acpi-devel] Bug#663249: acpid: fcntl(fd, F_SETFD, O_NONBLOCK) should be fcntl(fd, F_SETFL, O_NONBLOCK)

2012-03-21 Thread Moritz Mühlenhoff
On Tue, Mar 13, 2012 at 10:06:53AM +0100, Michael Meskes wrote: On Mon, Mar 12, 2012 at 10:28:14PM +0100, Luciano Bello wrote: Is it a security problem? Well, define security problem. The apparently wrong patch came into the package in a security release and was supposed to fix a security

Bug#663249: [Pkg-acpi-devel] Bug#663249: acpid: fcntl(fd, F_SETFD, O_NONBLOCK) should be fcntl(fd, F_SETFL, O_NONBLOCK)

2012-03-14 Thread Ted Felix
On Mon, Mar 12, 2012 at 10:28:14PM +0100, Luciano Bello wrote: Is it a security problem? Given that F_SETFD != F_SETFL, I would say that this is a security problem. A userspace program can cause acpid to stop processing by blocking on a socket. Ted.

Bug#663249: [Pkg-acpi-devel] Bug#663249: acpid: fcntl(fd, F_SETFD, O_NONBLOCK) should be fcntl(fd, F_SETFL, O_NONBLOCK)

2012-03-13 Thread Michael Meskes
On Mon, Mar 12, 2012 at 10:28:14PM +0100, Luciano Bello wrote: Is it a security problem? Well, define security problem. The apparently wrong patch came into the package in a security release and was supposed to fix a security problem. Now with the patch being incomplete I doubt the problem is

Bug#663249: [Pkg-acpi-devel] Bug#663249: acpid: fcntl(fd, F_SETFD, O_NONBLOCK) should be fcntl(fd, F_SETFL, O_NONBLOCK)

2012-03-12 Thread Michael Meskes
On Fri, Mar 09, 2012 at 09:02:16PM +0100, Stevie Trujillo wrote: Package: acpid Version: 1:2.0.7-1squeeze3 Severity: normal From the Debian patch: --- acpid-2.0.7.orig/sock.c +++ acpid-2.0.7/sock.c @@ -73,7 +73,7 @@ if (creds.uid != 0) { non_root_clients++;
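Review bot: the sock.c hunk at @@ -73,7 +73,7 @@ is cut off here before its changed line, but the call named in the report title, fcntl(fd, F_SETFD, O_NONBLOCK), does not make the socket non-blocking. F_SETFD sets file descriptor flags (FD_CLOEXEC), while O_NONBLOCK is a file status flag and has to be set with F_SETFL. Suggest reading the current flags with fcntl(fd, F_GETFL) and then calling fcntl(fd, F_SETFL, flags | O_NONBLOCK), checking both return values, so that the handling around the creds.uid != 0 check really runs on a non-blocking descriptor.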

Bug#663249: [Pkg-acpi-devel] Bug#663249: acpid: fcntl(fd, F_SETFD, O_NONBLOCK) should be fcntl(fd, F_SETFL, O_NONBLOCK)

2012-03-12 Thread Luciano Bello
On Monday 12 March 2012, Michael Meskes wrote: Question to secur...@debian.org, how do we handle this? Update as security update? Is it a security problem? Otherwise: http://www.debian.org/doc/manuals/developers-reference/pkgs.html#upload-stable Cheers, -luciano