Christian, I received this patch from Ubuntu, so if I'm not mistaken, there are now three different ways to fix this bug (two of them from discussions that were not cc:ed to the Debian BTS), but so far none of these patches have been "blessed" by upstream (i.e. you).
Is this patch good enough for unix systems? Ideally, we would like to patch this soon, even if the patch is not completely portable to, say, MS-DOS systems. Thanks. ---------- Forwarded message ---------- From: Martin Pitt <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 17:18:45 +0200 Subject: Bug#321927: Ubuntu patch for unzip CAN-2005-2475 tag 321927 patch thanks Hi security team, hi Santiago! I fixed this in Ubuntu by this simple patch: http://patches.ubuntu.com/patches/unzip.CAN-2005-2475.diff It uses fchmod() instead of chmod() and moves the chmodding to the top of the function since the output file is already closed very early. Santiago, can you please send this to upstream? Please remember to add the CAN number to the changelog when you fix this. Thanks for considering and have a nice day! Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
