Question about some CVE patches

2013-07-08 Thread Nicolas Vigier
Hello,

While looking at the gzip package on Mageia, I noticed that it still includes some patches for CVEs from 2006 or 2009:
http://svnweb.mageia.org/packages/cauldron/gzip/current/SOURCES/gzip-1.3.5-cve-2006-4335.patch?revision=389214&view=markup
http://svnweb.mageia.org/packages/cauldron/gzip

Re: Question about some CVE patches

2013-07-08 Thread Paul Eggert
On 07/07/2013 01:12 PM, Nicolas Vigier wrote:
> Does anyone know if those patches are still needed, or can be safely
> dropped?

I don't know, myself. Can you track down what bug they're supposed to fix? Is there a test case illustrating the bug? Thanks.

sequence of chmod and chown in unrestricted chown environment

2013-07-08 Thread Vladimir Marek
Hi,

When gzip creates an archive, it tries to retain owner and permissions of original file. It does this by chown and chmod sequence here:
http://git.savannah.gnu.org/gitweb/?p=gzip.git;a=blob;f=gzip.c;h=93cc7384ff3959664807e7dad470fe01f4c4f99c;hb=HEAD#l1737

First 'chown' is executed, second 'ch

Re: sequence of chmod and chown in unrestricted chown environment

2013-07-08 Thread Paul Eggert
On 07/08/2013 07:36 AM, Vladimir Marek wrote:
> On Solaris you can mount given filesystem with norstchown parameter
> which gives the owner of the file the ability to chown the file to
> someone else.

Yes, that's true. But this is unusual -- I've never seen it done, and I've used a lot of Solaris