Chris Lamb wrote:
> Hi -release,
>
> I would like to upload geordi 0:20080725T0146-1+lenny1 to t-p-u to fix a
> DoS issue. The relevant changelog entry is:
>
>  geordi (0:20080725T0146-1+lenny1) testing-proposed-updates; urgency=low
>
>    * Ignore (rather than allow) fcntl system call to prevent a DoS. Upstream
>      writes:
>
>        By using fcntl with F_SETOWN to make the geordi process the owner of
>        its stdout and then using fcntl again to set O_ASYNC on stdout, the
>        C++ program could have the geordi process receive SIGIO, causing it
>        to shut down.
>
>        We only allowed fcntl because g++ appeared to need it. Upon closer
>        inspection, it turns out g++ only uses it to check some flags on the
>        precompiled header fd, and the system call can just be ignored
>        altogether.
>
>      Patch backported from upstream darcs repository.
>
> The debdiff is attached to this mail. I will be making the parallel change
> to sid's version this evening.

Ok, please upload.

Cheers

Luk