I suspect that the generate_archive patch has a bug: zf.writestr(zi,
path) sets the file contents of the symlink in the zip (i.e. the
filename it points to) to path (the filename of the original symlink,
not the filename it points to). Hence, it creates a symlink to itself,
not a symlink to wh
Control: tags -1 pending
As previously stated on #debian-security, there are actually four
security issues here, fixed by consecutive upstream commits:
- This issue: generate_archive() allows file access via symlinks
CVE-2024-47515
- Similar issues in _update_file_in_git() (with symlinks)
Control: tags -1 patch
Control: tags 1085764 patch
Control: tags 1064530 patch
Control: tags 1046324 patch
These are all fixed in
https://salsa.debian.org/debian/pagure/-/merge_requests/2
(Caution: untested, beyond a CI run that doesn't run the upstream tests.)
I intend to look at pagure's othe
The Breaks: is correct; the problem is known upstream
(http://bugs.jython.org/issue2087), but there is currently no fix.
If you're trying to rebuild sikuli for the opencv2.4 transition, you
might want to use testing-proposed-updates
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712615#45).
>God could not be everywhere and therefore he made mothers
>A bad custom is like a good cake, better broken than kept.
Hi boy's,
Adobe PhotoShop CS 8.0 for $40 - nice deal right ? ;) retail price is $650 -
great savings, huh?
Microsoft Windows 2003 Enterprise Server ... Only $50, You s'ave $