On Mon, 23 Feb 2015 11:48:35 +0100 Raphael Hertzog <hert...@debian.org> wrote:
> Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of your package: > https://security-tracker.debian.org/tracker/CVE-2014-9680 > https://security-tracker.debian.org/tracker/CVE-2014-0106 > (the latter has been ignored up-to-now but since we have to > prepare an update, we might as well include the fix in this update) Fix for CVE-2014-9680. marko@debian:~$ echo moo > tz marko@debian:~$ chmod 0 tz marko@debian:~$ cat tz cat: tz: Permission denied marko@debian:~$ TZ=$PWD/tz sudo -u root strace -e read date sudo: strace: command not found marko@debian:~$ TZ=$PWD/tz sudo -u root strace -e read date read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220!\0\0\0\0\0\0"..., 832) = 832 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\357\1\0\0\0\0\0"..., 832) = 832 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\\\0\0\0\0\0\0"..., 832) = 832 read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\6\0\0\0\0"..., 4096) = 1931 read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\7\0\0\0\7\0\0\0\0"..., 4096) = 1230 Thu Feb 26 15:25:44 CET 2015 Best regards -- http://markorandjelovic.hopto.org One should not be afraid of humans. Well, I am not afraid of humans, but of what is inhuman in them. Ivo Andric, "Signs near the travel-road"
sudo_1.7.4p4-2.squeeze.5.debian.tar.gz
Description: GNU Zip compressed data
sudo_1.7.4p4-2.squeeze.5.dsc
Description: Binary data
