[Secure-testing-team] libpam-mount CVE-2008-5138
Bastian Kleineidam
calvin at debian.org
Mon Nov 24 23:05:17 UTC 2008
Hello Steffen,
Am Monday 24 November 2008 12:13:55 schrieb Steffen Joeris:
> I was wondering, what are your plans for lenny regarding the insecure
> tempfile issue (CVE-2008-5138)[0]? From what I can see the script is not
> available in sid anymore, so can we just drop it?
Yes, it can be dropped. The script has been removed in recent versions of
libpam-mount. The script version 0.43 in lenny is broken anyway since it uses
the old configuration format instead of the new XML format.
I will prepare an upload for testing-security, which also fixes #502146
Regards,
Bastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081125/f4dd70ef/attachment.pgp
More information about the Secure-testing-team
mailing list