[Secure-testing-team] Pulseaudio CVS-2008-0008
Thijs Kinkhorst
thijs at debian.org
Thu Jan 24 15:11:35 UTC 2008
On Thursday 24 January 2008 13:31, Sjoerd Simons wrote:
> I've just uploaded pulseaudio 0.9.9-1 to unstable. This fixes
> CVE-2008-0008, pulseaudio didn't check the return codes of setuid, which
> potentially made it possible for a user to prevent it from dropping
> permissions.
>
> While 0.9.9 is a new upstream release, but the only change since the
> 0.9.8 is the security fix. So i opted for just uploading the new release
> instead of adding an extra patch.
Thanks, noted.
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080124/f82e5b79/attachment.pgp
More information about the Secure-testing-team
mailing list