Stuart Henderson <st...@openbsd.org> writes: > On 2013/12/19 00:39, Jérémie Courrèges-Anglas wrote: >> >> The current consumers of this module in ports don't specify the pid_file >> parameter. Still, a future port could.
For this reason I don't think a backport is necessary, but other people here may use this module for other purposes on 5.3/4. Your call. >> This is CVE-2013-7135 btw. >> >> ok? > > Yes. > >> http://bugs.debian.org/732283 > > "The PID is secret and must be protected with mask 066"?! Maybe that's a concern when your PIDs aren't randomized... -- jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
