lp:ubuntu/hoary/cdrtools
- Get this branch:
- bzr branch lp:ubuntu/hoary/cdrtools
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 4. By Martin Pitt
-
* SECURITY UPDATE: Fix insecure temporary file handling.
* 23_debug_tmpfile. dpatch:
- rscsi/rscsi.c: Do not blindly open the temporary file for debugging
(which defaults to being in /tmp), but check if it already exists and
exit if so. This avoids symlink attacks.
- rscsi/rscsi.dfl: Do not recommend to use /tmp/ as output directory for
debugging to avoid DoS situations when the temporary file already
exists.
- Note: Debugging is disabled by default.
- Thanks to Javier Fernández-Sanguino Peña <email address hidden> for spotting
this and the patch.
- References:
http://bugs.debian. org/291376 - 3. By Matt Zimmerman
-
Disable all debconf questions. We don't ever want cdrecord to be setuid
root, and we handle device creation with udev - 2. By Eduard Bloch
-
* The seventh-time-lucky release. This should go into Woody.
* Simplified the old crap^h^h^h^hdebconf interaction part, moved makedev
calls to cdrecord.postinst, since makedev != essential. Closes: #141905
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)