Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-06-09 Thread Otavio Salvador
Daniel Burrows [EMAIL PROTECTED] writes: That aside, it looks like the opposite has happened -- apt is now *blocked* from testing! I know we are entering a freeze soon, but this version fixes not only this RC bug, but several RC bugs that prevent aptitude from working in any Russian

Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-06-08 Thread Daniel Burrows
On Wed, May 28, 2008 at 07:58:53PM -0700, Daniel Burrows [EMAIL PROTECTED] was heard to say: On Wed, May 28, 2008 at 02:27:55PM +, Debian Bug Tracking System [EMAIL PROTECTED] was heard to say: Changes: apt (0.7.14) unstable; urgency=low [snip] [ Otavio Salvador ] *

Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-05-30 Thread Daniel Burrows
Security team: Bryan Donlan discovered a security hole in the interaction between apt and aptitude. apt provides a function GetLock() as a convenient way to obtain an exclusive lock using a lockfile. aptitude uses this to create a lock file controlling its own state, which since version

Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-05-29 Thread Otavio Salvador
Daniel Burrows [EMAIL PROTECTED] writes: On Wed, May 28, 2008 at 02:27:55PM +, Debian Bug Tracking System [EMAIL PROTECTED] was heard to say: Changes: apt (0.7.14) unstable; urgency=low [snip] [ Otavio Salvador ] * Apply patch to avoid truncating of arbitrary files. Thanks

Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-05-29 Thread Daniel Burrows
On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador [EMAIL PROTECTED] was heard to say: Daniel Burrows [EMAIL PROTECTED] writes: On Wed, May 28, 2008 at 02:27:55PM +, Debian Bug Tracking System [EMAIL PROTECTED] was heard to say: Changes: apt (0.7.14) unstable; urgency=low

Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-05-29 Thread Daniel Burrows
On Thu, May 29, 2008 at 07:52:38AM -0700, Daniel Burrows [EMAIL PROTECTED] was heard to say: On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador [EMAIL PROTECTED] was heard to say: Daniel Burrows [EMAIL PROTECTED] writes: On Wed, May 28, 2008 at 02:27:55PM +, Debian Bug

Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-05-29 Thread Daniel Burrows
On Thu, May 29, 2008 at 08:42:56PM -0700, Daniel Burrows [EMAIL PROTECTED] was heard to say: On Thu, May 29, 2008 at 07:52:38AM -0700, Daniel Burrows [EMAIL PROTECTED] was heard to say: On Thu, May 29, 2008 at 09:51:44AM -0300, Otavio Salvador [EMAIL PROTECTED] was heard to say:

Re: Bug#482476: marked as done (Security: Unsafe lock file creation can be used to truncate arbitrary files)

2008-05-28 Thread Daniel Burrows
On Wed, May 28, 2008 at 02:27:55PM +, Debian Bug Tracking System [EMAIL PROTECTED] was heard to say: Changes: apt (0.7.14) unstable; urgency=low [snip] [ Otavio Salvador ] * Apply patch to avoid truncating of arbitrary files. Thanks to Bryan Donlan [EMAIL PROTECTED] for