[Secure-testing-team] Pulseaudio CVS-2008-0008
Nico Golde
debian-secure-testing+ml at ngolde.de
Thu Jan 24 23:02:13 UTC 2008
Hi Sjoerd,
* Sjoerd Simons <sjoerd at luon.net> [2008-01-24 13:54]:
> I've just uploaded pulseaudio 0.9.9-1 to unstable. This fixes CVE-2008-0008,
> pulseaudio didn't check the return codes of setuid, which potentially made it
> possible for a user to prevent it from dropping permissions.
[...]
Thijs already marked this as fixed in svn. Anyway, just
wanted to say thanks, there are not many maintainers who
come and notice us an such cases. Kepp up this work!
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080125/9468ed27/attachment.pgp
More information about the Secure-testing-team
mailing list