[Bug 276137] [NEW] please sync jumpnbump/1.50+dfsg1-1 (universe) from Debian unstable (main)
Launchpad Bug Tracker
276137 at bugs.launchpad.net
Tue Sep 30 00:31:07 BST 2008
You have been subscribed to a public bug by Ansgar Burchardt (ansgar-43-1):
Binary package hint: jumpnbump
Please sync jumpnbump/1.50+dfsg1-1 (universe) from Debian unstable (main)
jumpnbump used /tmp in an insecure manner. This allows malicious users to overwrite files via symlinks in /tmp.
Also the library dos/libdj.a was removed as no source was available in the tarball (it's not used on Linux anyway).
Changes since 1.50-12:
jumpnbump (1.50+dfsg1-1) unstable; urgency=high

  * Urgency set to high as this upload closes a security issue:
    * Fix insecure handling of /tmp (Closes: #500611)
  * Fix path to utility programs in jumpnbump-menu (Closes: #500340).
    Thanks to Kilian Kilger <kilian at nihilnovi.de> for the patch.
  * Repackage source to remove dos/libdj.a (no source provided),
    mention this in debian/copyright
  * Bump Standards Version to 3.8.0 (no changes)
  * Add myself to Uploaders.

 -- Ansgar Burchardt <ansgar at 43-1.org>  Mon, 29 Sep 2008 22:01:59 +0200
** Affects: jumpnbump (Ubuntu)
Importance: Undecided
Status: New
--
please sync jumpnbump/1.50+dfsg1-1 (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/276137
You received this bug notification because you are a member of Ubuntu Sponsors for universe, which is a direct subscriber.