[pkg-fgfs-crew] Bug#873439: Bug#873439: flightgear: CVE-2017-13709: Incorrect access control

Florent Rougon f.rougon at free.fr
Mon Aug 28 18:26:42 UTC 2017


For stretch, the last two commits of upstream branch release/2016.4:


should do the job (as already said in other mails, and ditto for
unstable with the release/2017.2 branch).

For jessie (it's also affected), I successfully built FG in a
jessie-amd64 pbuilder chroot with the attached source debdiff. You'll
certainly want to make the patch headers DEP-3-compliant and arrange
debian/changelog (at least the version number), but the C++ side should
be fine with these changes. I only tested the build in this old version:
no runtime test, but I don't expect any particular problem. :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2017-13709_jessie.debdiff
Type: text/x-diff
Size: 6665 bytes
Desc: Debdiff fixing CVE-2017-13709 on top of flightgear_3.0.0-5+deb8u2.dsc
URL: <http://lists.alioth.debian.org/pipermail/pkg-fgfs-crew/attachments/20170828/db8dfd0b/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-fgfs-crew/attachments/20170828/db8dfd0b/attachment.sig>

More information about the pkg-fgfs-crew mailing list