[Bug 767746] Re: Sync tmux 1.3-2+squeeze1 (universe) from Debian stable (updates)
Micah Gersten
launchpad at micahscomputing.com
Thu Apr 21 09:31:16 UTC 2011
Taking a look
** Changed in: tmux (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: tmux (Ubuntu)
Status: New => In Progress
** Changed in: tmux (Ubuntu)
Assignee: (unassigned) => Micah Gersten (micahg)
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/767746
Title:
Sync tmux 1.3-2+squeeze1 (universe) from Debian stable-security (main)
Status in “tmux” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: tmux
[requestsync does not appear to support sync requests from
stable/updates, in part because it does not appear that launchpad
tracks it (bug 767663), so I'm faking this sync request. Apologies if
I don't get it quite right.]
Please sync tmux 1.3-2+squeeze1 (universe) from Debian stable
(updates)
tmux 1.3-2+squeeze1 fixes a security issue allowing users to obtain
utmp group privileges (CVE-2011-1496). Package build on both natty
i386 and amd64, and limited testing shows that the package continues
to install, run, and uninstall. It would be nice to fix this issue for
natty.
All changelog entries:
tmux (1.3-2+squeeze1) stable-security; urgency=high
* Fix "Incorrect dropping of privileges allows users to obtain utmp
group privileges" by adjusting patch 04_drop_unnecessary_privileges.diff<
to drop privileges at the caller side (Closes: #620304).
-- Karl Ferdinand Ebert <kfebert at gmail.com> Mon, 04 Apr 2011
23:11:12 +0200
I've also attached the debdiff.
More information about the Ubuntu-sponsors
mailing list