Branches for Squeeze

Author: Jonathan Wiltshire
Revision Date: 2012-01-04 22:01:03 UTC

* Non-maintainer upload by the security team.
* Various security fixes:
  - debian/patches/CVE-2011-1831,1832,1834.patch: chdir into mountpoint
    before checking permissions in src/utils/mount.ecryptfs_private.c.
    (CVE-2011-1831, CVE-2011-1832)
  - debian/patches/CVE-2011-1831,1832,1834.patch: modify mtab via a temp
    file first and make sure it succeeds before replacing the real mtab
    in src/utils/mount.ecryptfs_private.c. (CVE-2011-1834)
  - debian/patches/CVE-2011-1835.patch: make sure we don't copy into a
    user controlled directory in src/utils/ecryptfs-setup-private.
    (CVE-2011-1835)
  - debian/patches/CVE-2011-1837.patch: verify permissions with a file
    descriptor, and don't follow symlinks in
    src/utils/mount.ecryptfs_private.c. (CVE-2011-1837)
  - debian/patches/CVE-2011-3145.patch: also set gid and umask before
    updating mtab in src/utils/mount.ecryptfs_private.c. (CVE-2011-3145)