[Bug 767746] [NEW] Sync tmux 1.3-2+squeeze1 (universe) from Debian stable (updates)
Launchpad Bug Tracker
767746 at bugs.launchpad.net
Thu Apr 21 09:35:48 UTC 2011
You have been subscribed to a public bug by Micah Gersten (micahg):
Binary package hint: tmux
[requestsync does not appear to support sync requests from
stable/updates, in part because it does not appear that launchpad tracks
it (bug 767663), so I'm faking this sync request. Apologies if I don't
get it quite right.]
Please sync tmux 1.3-2+squeeze1 (universe) from Debian stable (updates)
tmux 1.3-2+squeeze1 fixes a security issue allowing users to obtain utmp
group privileges (CVE-2011-1496). Package build on both natty i386 and
amd64, and limited testing shows that the package continues to install,
run, and uninstall. It would be nice to fix this issue for natty.
All changelog entries:
tmux (1.3-2+squeeze1) stable-security; urgency=high
* Fix "Incorrect dropping of privileges allows users to obtain utmp
group privileges" by adjusting patch 04_drop_unnecessary_privileges.diff<
to drop privileges at the caller side (Closes: #620304).
-- Karl Ferdinand Ebert <kfebert at gmail.com> Mon, 04 Apr 2011 23:11:12
+0200
I've also attached the debdiff.
** Affects: tmux (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
Sync tmux 1.3-2+squeeze1 (universe) from Debian stable (updates)
https://bugs.launchpad.net/bugs/767746
You received this bug notification because you are a member of Ubuntu Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list