[Po4a-commits] "po4a NEWS,1.35,1.36 changelog,1.252,1.253"
Nicolas FRANCOIS
nekral-guest at alioth.debian.org
Sun Sep 9 12:42:00 UTC 2007
Update of /cvsroot/po4a/po4a
In directory alioth:/tmp/cvs-serv3305
Modified Files:
NEWS changelog
Log Message:
Update old entries and mention the CVE id: CVE-2007-4462.
Index: NEWS
===================================================================
RCS file: /cvsroot/po4a/po4a/NEWS,v
retrieving revision 1.35
retrieving revision 1.36
diff -u -d -r1.35 -r1.36
--- NEWS 9 Sep 2007 12:36:18 -0000 1.35
+++ NEWS 9 Sep 2007 12:41:58 -0000 1.36
@@ -7,7 +7,9 @@
* Major changes in release 0.32 (2007-08-15)
** Security fix
- Fix a possible race condition on a file created in /tmp.
+ Fix a symlink attack caused by the /tmp/gettextization.failed.po
+ temporary file.
+ (CVE-2007-4462)
** Bug fixes
Index: changelog
===================================================================
RCS file: /cvsroot/po4a/po4a/changelog,v
retrieving revision 1.252
retrieving revision 1.253
diff -u -d -r1.252 -r1.253
--- changelog 9 Sep 2007 12:36:18 -0000 1.252
+++ changelog 9 Sep 2007 12:41:58 -0000 1.253
@@ -1,5 +1,10 @@
2007-09-09 Nicolas François <nicolas.francois at centraliens.net>
+ * NEWS, debian/changelog: Update old entries and mention the CVE
+ id: CVE-2007-4462.
+
+2007-09-09 Nicolas François <nicolas.francois at centraliens.net>
+
* NEWS: Prepare NEWS entry for 0.33.
2007-09-09 Nicolas François <nicolas.francois at centraliens.net>
More information about the Po4a-commits
mailing list