debian/changelog | 7 +++++++
debian/local/Xsession | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
New commits:
commit 8b2df98c792aa52f181624206d9ed9331eaba5a8
Author: Julien Cristau <[EMAIL PROTECTED]>
Date: Tue Feb 20 10:12:25 2007 +0100
debian/local/Xsession: set temporary umask when creating $ERRFILE.
Thanks to Timo Aaltonen for pointing out this change in the Ubuntu package.
Reference: CVE-2006-5214.
diff --git a/debian/changelog b/debian/changelog
index 8973c34..63132b8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+xorg (1:7.1.0-13) UNRELEASED; urgency=high
+
+ * debian/local/Xsession: set temporary umask when creating $ERRFILE. Thanks
+ Timo Aaltonen. This fixes CVE-2006-5214.
+
+ -- Julien Cristau <[EMAIL PROTECTED]> Tue, 20 Feb 2007 10:08:56 +0100
+
xorg (1:7.1.0-12) unstable; urgency=high
[ Christian Perrier ]
diff --git a/debian/local/Xsession b/debian/local/Xsession
index f4e7663..e818342 100644
--- a/debian/local/Xsession
+++ b/debian/local/Xsession
@@ -78,7 +78,7 @@ ALTUSERXSESSION=$HOME/.Xsession
ERRFILE=$HOME/.xsession-errors
# attempt to create an error file; abort if we cannot
-if touch "$ERRFILE" 2> /dev/null && [ -w "$ERRFILE" ] &&
+if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -w "$ERRFILE" ] &&
[ ! -L "$ERRFILE" ]; then
chmod 600 "$ERRFILE"
elif ERRFILE=$(tempfile 2> /dev/null); then
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
