For your information: I applied your patch and it was uploaded to
Debian. But I got this mail after it was accepted into Debian. If you can
provide me a patch which will help save the surf package in
Debian, it would be great.
PS: I'm just trying to save the surf package on Debian.
----- Forwarded message from Florian Weimer <fw_AT_deneb.enyo.de> -----
Date: Fri, 10 Feb 2012 23:18:36 +0100
From: Florian Weimer <fw_AT_deneb.enyo.de>
To: Vasudev Kamath <kamathvasudev_AT_gmail.com>
Subject: Re: Accepted surf 0.4.1-6 (source i386)
* Vasudev Kamath:
> surf (0.4.1-6) unstable; urgency=high
> .
> * QA upload.
> * debian/patches:
> + Added fix-insecure-permissions.patch to fix world readable cookie jar
> vulnerability CVE-2012-0842. (Closes: #659296)
- g_mkdir_with_parents(apath, 0755);
+ g_mkdir_with_parents(apath, 0700);
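Review bot: The 0700 on the + line only takes effect for directories that g_mkdir_with_parents actually creates, so an apath left at 0755 by an earlier version keeps that mode, and the call's return value is discarded. Follow the call with g_chmod(apath, 0700) and check both results before the directory is used.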
I think you should also downgrade the permissions from 0755 if the
directory exists (in case we want to keep the package alive, which I doubt).
----- End forwarded message -----
Best Regards
--
Vasudev Kamath
http://blog.copyninja.info
http://identi.ca/vasudev
vasudev_AT_joindiaspora.com (Ostatus)
Received on Sat Feb 11 2012 - 04:13:45 CET
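
Florian Weimer's suggestion above, tightening a directory that already exists instead of relying on the creation mode alone, as an added example that is not part of the original mail or of surf's code. It uses plain POSIX calls rather than GLib; `ensure_private_dir`, `dir_mode` and the directory name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not surf's code): leave `path` as a directory owned
 * by the caller with mode exactly 0700, whether or not it already existed. */
int ensure_private_dir(const char *path)
{
    struct stat st;
    int fd, rc = -1;

    /* The creation mode is filtered by umask and ignored if path exists. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;

    /* O_DIRECTORY|O_NOFOLLOW refuses symlinks and non-directories; fstat and
     * fchmod then act on the opened object, not on a re-resolved name. */
    fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    if (fstat(fd, &st) == 0 && st.st_uid == geteuid()) {
        /* Downgrade e.g. an old 0755 directory; leave 0700 untouched. */
        rc = ((st.st_mode & 07777) == 0700) ? 0 : fchmod(fd, 0700);
    }
    close(fd);
    return rc;
}

/* Permission bits of `path`, or -1 if it cannot be examined. */
int dir_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    const char *dir = "demo-profile-dir";   /* constructed sample path */

    mkdir(dir, 0755);
    chmod(dir, 0755);                        /* simulate the old layout */
    printf("before: %o\n", (unsigned)dir_mode(dir));
    if (ensure_private_dir(dir) != 0) { perror(dir); return 1; }
    printf("after:  %o\n", (unsigned)dir_mode(dir));
    return rmdir(dir);
}
```

Files already inside the directory keep their own modes; the 0700 directory is what stops other users from reaching them.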