tag 637384 + confirmed thanks On Fri, 2011-08-12 at 10:09 +0200, Niels Thykier wrote: > On 2011-08-11 19:51, Adam D. Barratt wrote: > > On Wed, 2011-08-10 at 21:04 +0200, Niels Thykier wrote: > >> I would like permission to backport the following security > >> related patch to Lintian in stable. The security team has > >> already told me that they were not interested in a security > >> upload. > > > > I'm not surprised tbh, assuming that the issue indeed only allows file > > existence testing, rather than content retrieval. > > As far as I can tell, there is no way to exploit the particular checks > here to do content retrieval.
Cool. > >> + + [NT] Fixed information disclosure issue, where Lintian could > >> + be tricked into disclosing the present of files on the host > > > > As per other people's IRC poking - and the patch header :-) - > > s/present/presence/. [...] > Fixed this one :) Ta. > >> +So far as it is copyrightable at all, this test case is > >> + Copyright © 2009 Russ Allbery <r...@debian.org> > >> + Copyright © 2009 Adam D. Barratt <a...@adam-barratt.org.uk> > > > > Hmmm, interesting... > > > Copy/waste from another test... I can fix it if you insist, but most of > the tests in 2.4.3..2.5.1 suffers from the same issue. Nah, I just forgot there were any test cases that I'd actually bothered doing that with. Please feel free to upload. Regards, Adam -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1313180633.28546.3.ca...@hathi.jungle.funky-badger.org
