tags 688956 + patch tags 688956 + pending thanks Dear Thomas,
I've prepared an NMU for dracut (versioned as 020-1.1) and uploaded it to DELAYED/02. Please feel free to tell me if I should delay it longer. Cheers Luk
diff -Nru dracut-020/debian/changelog dracut-020/debian/changelog --- dracut-020/debian/changelog 2012-06-30 17:24:55.000000000 +0200 +++ dracut-020/debian/changelog 2012-11-04 18:50:53.000000000 +0100 @@ -1,3 +1,11 @@ +dracut (020-1.1) unstable; urgency=medium + + * Non-maintainer upload by the Security Team. + * Fixing CVE-2012-4453: Create the initramfs non-world readable + (Closes: #688956). + + -- Luk Claes <l...@debian.org> Sun, 04 Nov 2012 18:47:50 +0100 + dracut (020-1) unstable; urgency=low * new upstream version diff -Nru dracut-020/debian/patches/roimage dracut-020/debian/patches/roimage --- dracut-020/debian/patches/roimage 1970-01-01 01:00:00.000000000 +0100 +++ dracut-020/debian/patches/roimage 2012-11-04 18:47:37.000000000 +0100 @@ -0,0 +1,15 @@ +Index: dracut-020/dracut.sh +=================================================================== +--- dracut-020.orig/dracut.sh 2012-06-29 12:54:38.000000000 +0200 ++++ dracut-020/dracut.sh 2012-11-04 18:47:30.000000000 +0100 +@@ -887,8 +887,9 @@ + dinfo "*** hardlinking files done ***" + } + ++rm -f "$outfile" + dinfo "*** Creating image file ***" +-if ! ( cd "$initdir"; find . |cpio -R 0:0 -H newc -o --quiet| \ ++if ! ( umask 077; cd "$initdir"; find . |cpio -R 0:0 -H newc -o --quiet| \ + $compress > "$outfile"; ); then + dfatal "dracut: creation of $outfile failed" + exit 1 diff -Nru dracut-020/debian/patches/series dracut-020/debian/patches/series --- dracut-020/debian/patches/series 2012-06-30 17:14:19.000000000 +0200 +++ dracut-020/debian/patches/series 2012-11-04 18:46:42.000000000 +0100 @@ -4,3 +4,4 @@ no-unimaps-directory missing-rpc-user aufs +roimage
