Hi Sven,
* Sven Dowideit <[EMAIL PROTECTED]> [2007-10-29 08:34]:
> I've uploaded a new version to
> http://distributedinformation.com/TWikiDebian/ (twiki_4.1.2-3_all.deb)
>
>
>   * secure /var/www/twiki/pub/_work_areas (Closes: #444982)
>     CVE-2007-5193
>   * session files in /tmp/twiki, and add O_EXCL to files that go there
>   * updated Vietnamese translation (Closes: #426850)
>   * don't modify files that are not installed (Closes: #444498)
>
>
> I've implemented Joey's suggestion of 1777 & O_EXCL - mostly the files in tmp
> are written by CGI::Session, that takes care of things.
>
> I also moved the 1777 tmp dir back to /tmp/twiki, as per Nico's point wrt to
> filling /var
>
> and fixed a few other bitzers
>
> I've reported the issue upstream so we can look at doing a more lasting
> change for the next release.
[...]

I just looked at the debdiff, way better!
I think if I didn't miss something and no one else complains
about something this can be uploaded!

Thanks for working on this.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
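The "1777 & O_EXCL" combination named in the changelog above, as an added example that is not code from TWiki, CGI::Session or the Debian package: in a world-writable sticky directory, creating files with O_CREAT|O_EXCL makes open() refuse a name that someone else has already planted, including a symlink. The helper names, the scratch directory and the file names `sess_1`, `sess_2` and `victim` are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create `name` in `dir` for writing. With
 * O_CREAT|O_EXCL, open() fails with EEXIST if the name already exists,
 * even as a dangling symlink, so a pre-planted link is never followed. */
int create_exclusive(const char *dir, const char *name)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a scratch directory set to 1777 (world-writable
 * plus sticky bit) already holds a symlink under the name the application
 * is about to use. Returns 1 if that name was refused, the link target
 * was not created, and a fresh name was created owner-only; else 0. */
int planted_symlink_is_refused(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", planted[64], target[64];
    struct stat st;
    int ok = 0;
    if (!mkdtemp(dir) || chmod(dir, 01777) != 0) return 0;
    snprintf(planted, sizeof planted, "%s/sess_1", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    if (symlink(target, planted) == 0) {
        int fd = create_exclusive(dir, "sess_1");   /* must fail */
        ok = (fd == -1 && errno == EEXIST && stat(target, &st) == -1);
        if (fd != -1) close(fd);
        fd = create_exclusive(dir, "sess_2");       /* unused name works */
        ok = ok && fd != -1 && fstat(fd, &st) == 0 && (st.st_mode & 0077) == 0;
        if (fd != -1) close(fd);
    }
    unlink(planted); unlink(target);                /* clean up scratch files */
    snprintf(planted, sizeof planted, "%s/sess_2", dir);
    unlink(planted); rmdir(dir);
    return ok;
}

int main(void)
{
    return planted_symlink_is_refused() ? 0 : 1;
}
```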