Confirmed that downgrading from 'libpulsecore5_0.9.10-3+lenny2_amd64' to
'libpulsecore5_0.9.10-3+lenny1_amd64' resolves the issue. Also
confirmed that adding a distclean + bootstrap to debian/patches resolves
the issue. However, am I wrong to assume that the output of bootstrap
(or any of the
Same error here.
In pa_make_secure_dir (core-util.c:197), uid=-1 and gid=-1.
HAVE_FCHOWN is not defined so their values are not fixed, and the
comparaisons at line 267-268 fail.
I changed uid and gid values in gdb and it worked.
___
Hi,
the problem is that HAVE_FCHOWN others are missing from config.h.in.
I've attached an update for 0002-CVE-2009-1299 which fixes this problem.
best,
Torsten
--
.: Torsten Marek
.: http://shlomme.diotavelli.net
.: tors...@diotavelli.net -- GnuPG: 1024D/A244C858
# From
Hi,
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574111
covers the same issue for stable, was reported 16 March and has a
patch. Maybe this bug should be merged with it?
___
Pkg-pulseaudio-devel mailing list
I can confirm this in 0.9.21-1.1 while 0.9.21-1 WFM. Presumably it's
caused by the attempt to fix #573615:
pulseaudio (0.9.21-1.1) unstable; urgency=high
* Non-maintainer upload.
* Fix insecure temporary file creation security issue (closes: #573615).
-- Michael Gilbert
It looks like this patch causes complete breakage for at least some
users (bug #576457).
--
TH * http://www.realh.co.uk
___
Pkg-pulseaudio-devel mailing list
Pkg-pulseaudio-devel@lists.alioth.debian.org
Your message dated Mon, 05 Apr 2010 22:59:52 +0200
with message-id 4bba4f48.5060...@iuculano.it
and subject line Fixed
has caused the Debian Bug report #573615,
regarding CVE-2009-1299: insecure temporary file creation
to be marked as done.
This means that you claim that the problem has been
Processing commands for cont...@bugs.debian.org:
merge 576457 576546
Bug#576457: pulseaudio: fails to start
Bug#576546: pulseaudio: refuses to start
Merged 576457 576546.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
pulseaudio_0.9.21-1.2_i386.changes uploaded successfully to localhost
along with the files:
pulseaudio_0.9.21-1.2.dsc
pulseaudio_0.9.21-1.2.diff.gz
pulseaudio_0.9.21-1.2_i386.deb
pulseaudio-dbg_0.9.21-1.2_i386.deb
pulseaudio-utils_0.9.21-1.2_i386.deb
Hi,
Attached is a debdiff of the changes I made for 0.9.21-1.2 0-day NMU.
Cheers,
Giuseppe
diff -u pulseaudio-0.9.21/debian/changelog pulseaudio-0.9.21/debian/changelog
--- pulseaudio-0.9.21/debian/changelog
+++ pulseaudio-0.9.21/debian/changelog
@@ -1,3 +1,12 @@
+pulseaudio (0.9.21-1.2)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Mon, 05 Apr 2010 23:02:56 +0200
Source: pulseaudio
Binary: pulseaudio pulseaudio-dbg pulseaudio-utils pulseaudio-utils-dbg
pulseaudio-esound-compat pulseaudio-esound-compat-dbg
pulseaudio-module-zeroconf
There are disparities between your recently accepted upload and the
override file for the following file(s):
pulseaudio-module-raop-dbg_0.9.21-1.2_i386.deb: package says priority is extra,
override says optional.
Please note that a list of new sections were recently added to the
archive:
Hi,
I'm not sure how this ever worked. With the shipped
/usr/lib/libpulsecommon-0.9.21.so pa_make_secure_dir
consistenly fails.
As someone else pointed out the problem is here:
(st.st_uid != uid) ||
(st.st_gid != gid) ||
because at this point uid = -1 and gid = -1.
13 matches
Mail list logo
