The new upstream version that fixes this bug introduces a lot of other
changes and doesn't seem acceptable for lenny.
Is anyone working on backporting the fix for a t-p-u upload? I can
probably do it later this week but I don't want to duplicate work.
Cheers,
Stefan
--
To UNSUBSCRIBE,
Hi,
the following two additional CVE ids have been assigned to
symlink issues in cman redhat-cluster:
CVE-2008-4579[0]:
| The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a)
| fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode,
| allows local users to append to
Hi,
It looks like there are some more tempfile creation problems in the
redhat-cluster source package.
1) In rgmanager/src/daemons/main.c (line 707):
void
dump_internal_state(char *loc)
{
FILE *fp;
fp=fopen(loc, w+);
severity 496410 grave
thanks
SL So I don't think I've made a mistake here.
You are mistake, see
http://www.debian.org/Bugs/Developer.en.html#severities
quote:
grave
makes the package in question unusable or mostly so, or causes data
loss, or introduces a security hole allowing access
severity 496410 important
thanks
On Wed, Aug 27, 2008 at 07:12:29PM +0400, Dmitry E. Oboukhov wrote:
_or_ _causes_ _data_ _loss_
It does not cause data loss, the admin needs to execute it. And now stop
bitching around.
Bastian
--
Superior ability breeds superior ambition.
--
tags 496410 security
thanks
On 13:15 Sun 24 Aug , Steve Langasek wrote:
SL severity 496410 important
SL thanks
You are mistake :)
Your script places in /usr/sbin, ie it runs with root privs.
If I create symlink /etc/shadow - /tmp/eglog and You start this script,
then your system 'll
On Mon, Aug 25, 2008 at 10:40:31AM +0400, Dmitry E. Oboukhov wrote:
On 13:15 Sun 24 Aug , Steve Langasek wrote:
SL severity 496410 important
SL thanks
You are mistake :)
Your script places in /usr/sbin, ie it runs with root privs.
If I create symlink /etc/shadow - /tmp/eglog and You
severity 496410 important
thanks
On Sun, Aug 24, 2008 at 10:05:29PM +0400, Dmitry E. Oboukhov wrote:
Package: cman
Severity: grave
Binary-package: cman (2.20080629-1)
file: /usr/sbin/fence_egenera
The broken usage is:
local *egen_log;
open(egen_log,/tmp/eglog);
Package: cman
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages I've discovered scripts with errors which
9 matches
Mail list logo