Hi, I'd like to fix CVE-2011-4089 for the next point update. debdiff below.
Cheers, Moritz diff -u bzip2-1.0.5/bzexe bzip2-1.0.5/bzexe --- bzip2-1.0.5/bzexe +++ bzip2-1.0.5/bzexe @@ -125,7 +125,7 @@ umask $umask /bin/chmod 700 $tmpfile prog="`echo $0 | /bin/sed 's|^.*/||'`" - if /bin/ln $tmpfile "/tmp/$prog" 2>/dev/null; then + if /bin/ln -T $tmpfile "/tmp/$prog" 2>/dev/null; then trap '/bin/rm -f $tmpfile "/tmp/$prog"; exit $res' 0 (/bin/sleep 5; /bin/rm -f $tmpfile "/tmp/$prog") 2>/dev/null & /tmp/"$prog" ${1+"$@"}; res=$? diff -u bzip2-1.0.5/debian/changelog bzip2-1.0.5/debian/changelog --- bzip2-1.0.5/debian/changelog +++ bzip2-1.0.5/debian/changelog @@ -1,3 +1,10 @@ +bzip2 (1.0.5-6+squeeze1) stable; urgency=low + + * Non-maintainer upload by the Security Team + * Fix CVE-2011-4089, thanks to vladz (Closes: #632862) + + -- Moritz Muehlenhoff <j...@debian.org> Mon, 26 Dec 2011 11:39:27 +0000 + bzip2 (1.0.5-6) unstable; urgency=high * Fix integer overflow
Archive: http://lists.debian.org/20111226132607.GA10976@pisco.westfalen.local
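Review bot: In the bzexe hunk, the changed line still links to the predictable name "/tmp/$prog" (derived from $0) in a world-writable directory, and the following lines execute and later rm -f that same name, so the fix depends entirely on ln refusing to proceed. With -T, ln treats the destination as a plain file and fails if anything already exists there, which covers the then-branch, but the fallback taken when ln fails is outside this hunk's context and should be checked for any remaining use of /tmp/$prog. A sturdier change would create a private directory with mktemp -d and link and execute inside it, so that no other user can influence the path. $tmpfile should also be quoted on this line as "/tmp/$prog" is, and since -T is a GNU coreutils option, a short comment in the script explaining why it is there would help the next maintainer.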
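Review bot: In the debian/changelog hunk, the entry "Fix CVE-2011-4089, thanks to vladz" does not say what was changed; naming the file and the change (bzexe: pass -T to ln when linking into /tmp) would let the release team match the entry to the diff without opening the bug. The new entry is also marked urgency=low although it is a Security Team upload and the previous entry below it uses urgency=high, so it is worth confirming that low is intended.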