[Secure-testing-team] libpam-mount CVE-2008-5138

Bastian Kleineidam calvin at debian.org
Mon Nov 24 23:05:17 UTC 2008


Hello Steffen,

Am Monday 24 November 2008 12:13:55 schrieb Steffen Joeris:
> I was wondering, what are your plans for lenny regarding the insecure
> tempfile issue (CVE-2008-5138)[0]? From what I can see the script is not
> available in sid anymore, so can we just drop it?
Yes, it can be dropped. The script has been removed in recent versions of 
libpam-mount. The script version 0.43 in lenny is broken anyway since it uses 
the old configuration format instead of the new XML format.

I will prepare an upload for testing-security, which also fixes #502146

Regards,
  Bastian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081125/f4dd70ef/attachment.pgp 


More information about the Secure-testing-team mailing list