-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tue, 7 Sep 2004 03:20:42 +0000 Source: slocate Binary: slocate Architecture: source i386 Version: 2.7-3 Distribution: unstable Urgency: high Maintainer: Kevin Lindsay <[EMAIL PROTECTED]> Changed-By: Kevin Lindsay <[EMAIL PROTECTED]> Description: slocate - A secure replacment of findutil's locate Closes: 226103 234563 Changes: slocate (2.7-3) unstable; urgency=high . * 'slocate' sgid privileges are now dropped when searching databases that are not apart of the 'slocate' group. This will prevent malicious user supplied databases from elevating user access to the 'slocate' group. See CAN-2003-0848, (closes: #226103) * Changed diversion /etc/cron.daily.find.notslocate to /etc/cron.daily/find.notslocate (closes: #234563) * I also made the database creation feature drop privileges so that the SGID binary can't chown the group of the database to 'slocate' unless the user has explicit access. * Added a patch which caused LOCATE_PATH to be ignored when '-d' was used, and vice versa. This also fixed an off by 1 overflow bug. Files: 2223bfb26ade197154ce17f424e84743 482 utils optional slocate_2.7-3.dsc b5b1997b35abbd56db737bca8f54a174 101576 utils optional slocate_2.7-3.tar.gz c95e2195a2da8660f935bf4485ebcce6 26896 utils optional slocate_2.7-3_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBPUSUUZpV8HRsUfQRAp8GAJkByTZwF+XRVrcYtoMC9bp1crRVTACg2ql3 RoAH22JMDBQeYXJqIEx0SD0= =prVz -----END PGP SIGNATURE----- Accepted: slocate_2.7-3.dsc to pool/main/s/slocate/slocate_2.7-3.dsc slocate_2.7-3.tar.gz to pool/main/s/slocate/slocate_2.7-3.tar.gz slocate_2.7-3_i386.deb to pool/main/s/slocate/slocate_2.7-3_i386.deb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]