For your information: I applied your patch and it was uploaded to
Debian. But I got this mail after it was accepted into Debian. If you can
provide me a patch which will help save the surf package in
Debian, it would be great.

PS: I'm just trying to save the surf package in Debian

----- Forwarded message from Florian Weimer <f...@deneb.enyo.de> -----

Date: Fri, 10 Feb 2012 23:18:36 +0100
From: Florian Weimer <f...@deneb.enyo.de>
To: Vasudev Kamath <kamathvasu...@gmail.com>
Subject: Re: Accepted surf 0.4.1-6 (source i386)

* Vasudev Kamath:

>  surf (0.4.1-6) unstable; urgency=high
>  .
>    * QA upload.
>    * debian/patches:
>      + Added fix-insecure-permissions.patch to fix world readable cookie jar
>        vulnerability CVE-2012-0842. (Closes: #659296)

-               g_mkdir_with_parents(apath, 0755);
+               g_mkdir_with_parents(apath, 0700);
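
Review bot: the 0700 on the `+` line only applies to directories that this call creates, so a directory an earlier run already made with 0755 keeps its group and world access, and the return value of g_mkdir_with_parents() is ignored. Follow the call with an explicit chmod of apath to 0700 (for example g_chmod(apath, 0700)) and check both results before the directory is used.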

I think you should also downgrade the permissions from 0755 if the
directory exists (in case we want to keep the package alive, which I doubt).

----- End forwarded message -----

Best Regards
-- 
Vasudev Kamath
http://blog.copyninja.info
http://identi.ca/vasudev
vasu...@joindiaspora.com (Ostatus)
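
The tightening Florian Weimer suggests in the forwarded message, as an added example that is not part of the original mail or of surf's code. It uses plain POSIX calls in place of GLib and handles only the final path component; `ensure_private_dir`, `demo_existing_dir` and the temporary path are hypothetical names chosen for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not surf's code): create `path` with mode 0700, or
 * tighten it if it already exists. Returns 0 on success, -1 on error. */
int ensure_private_dir(const char *path)
{
    struct stat st;
    int fd, rc = -1;

    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* Open the directory itself: O_NOFOLLOW rejects a symlink planted at
     * `path`, and fstat/fchmod then act on the object we opened. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || st.st_uid != geteuid())
        goto out;               /* unreadable, or not our directory */
    /* Pre-existing 0755 directory: drop the group/other bits. */
    if ((st.st_mode & 077) != 0 && fchmod(fd, 0700) != 0)
        goto out;
    rc = 0;
out:
    close(fd);
    return rc;
}

/* Constructed scenario: a directory left at 0755 by an older version.
 * Returns the permission bits after the fix, or -1 on failure. */
int demo_existing_dir(void)
{
    char tmpl[] = "/tmp/private-dir-demo-XXXXXX";
    struct stat st;
    int mode = -1;

    if (mkdtemp(tmpl) == NULL || chmod(tmpl, 0755) != 0)
        return -1;
    if (ensure_private_dir(tmpl) == 0 && stat(tmpl, &st) == 0)
        mode = st.st_mode & 0777;
    rmdir(tmpl);
    return mode;
}

int main(void) { return demo_existing_dir() == 0700 ? 0 : 1; }
```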
