Control: tags -1 + confirmed On Fri, 2014-01-31 at 20:45 +0100, Niels Thykier wrote: > I would like to fix #736359 / CVE-2014-1638 in Squeeze. According to > the security tracker, the security team has classified the bug as > "minor" and declared it does not need a DSA[1]. > > The problem is that localepurge would create tmp files in an unsafe > way. This allows a local user to have root destroy arbitrary files on the > system (via a race-condition) during upgrades and purge of localepurge.
Please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1391203288.4453.7.ca...@jacala.jungle.funky-badger.org